AutoarExtractor: Do not extract files outside the destination dir
Currently, a malicious archive can cause that the files are extracted outside of the destination dir. This can happen if the archive contains a file whose parent is a symbolic link, which points outside of the destination dir. This is potentially a security threat similar to CVE-2020-11736. Let's skip such problematic files when extracting.

Fixes: #7
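The condition the commit message describes, an entry whose parent directory is a symbolic link leading out of the destination, can be tested per entry as shown here. This is an added example, not code from this commit or from the project: it uses POSIX `realpath()`, and the function names and the temporary sample layout are constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if `entry` (an archive member path) would be written inside
 * `dest` once symlinks in its parent directories are resolved, else 0. */
int entry_stays_inside(const char *dest, const char *entry)
{
    char root[PATH_MAX], full[2 * PATH_MAX], parent[PATH_MAX];
    size_t n;

    if (realpath(dest, root) == NULL)
        return 0;
    snprintf(full, sizeof full, "%s/%s", root, entry);
    *strrchr(full, '/') = '\0';          /* keep only the parent directory */
    if (realpath(full, parent) == NULL)
        return 0;                        /* unresolvable parent: skip entry */
    n = strlen(root);
    /* parent must be root itself or lie below "root/" (n == 1 means "/") */
    return strncmp(parent, root, n) == 0 &&
           (n == 1 || parent[n] == '/' || parent[n] == '\0');
}

/* Constructed sample: <tmp>/dest/sub is a real directory and
 * <tmp>/dest/link is a symlink to ../outside. Returns the check result. */
int check_in_sample_layout(const char *entry)
{
    char tmp[] = "/tmp/extract-demo-XXXXXX";
    char dest[PATH_MAX], path[PATH_MAX + 16];

    if (mkdtemp(tmp) == NULL) return -1;
    snprintf(dest, sizeof dest, "%s/dest", tmp);     mkdir(dest, 0700);
    snprintf(path, sizeof path, "%s/outside", tmp);  mkdir(path, 0700);
    snprintf(path, sizeof path, "%s/sub", dest);     mkdir(path, 0700);
    snprintf(path, sizeof path, "%s/link", dest);
    if (symlink("../outside", path) != 0) return -1;
    return entry_stays_inside(dest, entry);
}

int main(void)
{
    printf("sub/file  -> %d\n", check_in_sample_layout("sub/file"));
    printf("link/file -> %d\n", check_in_sample_layout("link/file"));
    return 0;
}
```

An extractor has to run such a check immediately before writing each entry, because the symbolic link can be created by an earlier entry of the same archive.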
- mentioned in issue file-roller#108 (closed)
- mentioned in merge request !12 (merged)
- mentioned in issue #12 (closed)