Archive-Zip 1.54
Security Advisories
CVE-2018-10860
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.
- https://security-tracker.debian.org/tracker/CVE-2018-10860
- https://github.com/redhotpenguin/perl-Archive-Zip/pull/33
Severity: medium
Reported: 2018-06-28
Kwalitee Issues
- extractable
Pack the distribution with a proper command such as "make dist" or "./Build dist", or use a distribution builder such as Dist::Zilla, Dist::Milla, or Minilla. You might also need to set some options or environment variables to ensure your archiver works portably.
Error: No data could be read from Archive-Zip-1.54.tar.gz at site_perl/lib/Archive/Any/Lite.pm line 122.