skip to content
Decrypt LOL

Get Cyber-Smart in Just 5 Minutes a Week

Decrypt delivers quick and insightful updates on cybersecurity. No spam, no data sharing—just the info you need to stay secure.

Read the latest edition

Security Risks in Archive Decompression Across Programming Languages

/ 1 min read

🗂️✨ Research Highlights Security Risks of Archive Decompression Across Programming Languages. An internship project at Doyensec focused on identifying vulnerabilities in archive file handling across popular programming languages, including Python, Ruby, Swift, Java, PHP, and JavaScript. The research demonstrated how improper extraction methods could lead to security risks, such as path traversal attacks, and included proof-of-concept code to illustrate these vulnerabilities. To aid developers, the project produced safe alternatives and a web application for testing archive extraction implementations. Additionally, a set of Semgrep rules was created to automate vulnerability detection in larger codebases. The findings emphasize the importance of proper path sanitization and validation to mitigate risks associated with unsafe unpacking. All resources are available on Doyensec’s GitHub repository.

Source
{entry.data.source.title}
Original