Zip Slip Vulnerability in bbs 5.3's UpgradeNow Function

Zip Slip Vulnerability in bbs 5.3's UpgradeNow Function

CVE-2021-43099 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

An Archive Extraction (AKA "Zip Slip) vulnerability exists in bbs 5.3 in the UpgradeNow function in UpgradeManageAction.java, which unzips the arbitrary upladed zip file without checking filenames. The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe).

Learn more about our Web Application Penetration Testing UK.