CVE-2022-378xx
This challenge covers the review of a CVE in a Java codebase together with the patch that fixed it.
The Code Review Patch challenges offer an engaging way to learn about vulnerabilities by examining both the vulnerable code and the corresponding patch. Initially, you should attempt to identify the issue within the code on your own. This approach helps sharpen your code analysis skills and deepens your understanding of common vulnerabilities. If you struggle to find the issue or wish to verify your findings, you can then review the patch (diff file) provided.
In this challenge, the vulnerability is located in the ZipPacking.java file. The vulnerable code writes each zip entry to a path built from the destination directory and the entry's name without checking that the resulting path stays inside the intended destination directory. An archive whose entry names contain path-traversal sequences such as "../" (the pattern commonly known as Zip Slip) can therefore write files outside the target directory. The patch addresses this by validating every entry's resolved path before writing it, rejecting any entry that would escape the destination, so that files extracted from the zip archive remain within the designated directory.
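To make the bug class concrete, the following is an added example written for this page; it is not code from ZipPacking.java or from the affected project, and the class, method and entry names are illustrative. It shows the vulnerable extraction shape (entry name joined to the destination with no check) next to a hardened version that canonicalizes the resolved path and rejects anything outside the destination, then exercises the hardened version against a constructed archive carrying a "../" entry.

```java
import java.io.*;
import java.nio.file.*;
import java.util.zip.*;

public class ZipSlipDemo {

    // Vulnerable shape: the entry name is joined to destDir with no validation,
    // so an entry named "../../something" is written outside destDir.
    // Kept for comparison only; main() does not run it on the hostile archive.
    static void extractUnsafe(InputStream zip, File destDir) throws IOException {
        try (ZipInputStream zis = new ZipInputStream(zip)) {
            ZipEntry entry;
            while ((entry = zis.getNextEntry()) != null) {
                File out = new File(destDir, entry.getName());
                if (entry.isDirectory()) { out.mkdirs(); continue; }
                out.getParentFile().mkdirs();
                Files.copy(zis, out.toPath(), StandardCopyOption.REPLACE_EXISTING);
            }
        }
    }

    // Hardened shape: canonicalize both the destination and the resolved entry
    // path (this collapses ".." segments and follows symlinks), then require the
    // entry to sit under the destination. The trailing separator on root stops
    // "/tmp/dest2/x" from passing a check against "/tmp/dest".
    static void extractSafe(InputStream zip, File destDir) throws IOException {
        String root = destDir.getCanonicalPath() + File.separator;
        try (ZipInputStream zis = new ZipInputStream(zip)) {
            ZipEntry entry;
            while ((entry = zis.getNextEntry()) != null) {
                File out = new File(destDir, entry.getName());
                String canonical = out.getCanonicalPath();
                if (!canonical.startsWith(root)) {
                    throw new IOException("Zip entry escapes destination: " + entry.getName());
                }
                if (entry.isDirectory()) { out.mkdirs(); continue; }
                out.getParentFile().mkdirs();
                Files.copy(zis, out.toPath(), StandardCopyOption.REPLACE_EXISTING);
            }
        }
    }

    // Builds an in-memory archive (constructed sample input for this example)
    // containing one small file entry per supplied name.
    static byte[] archiveWith(String... names) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ZipOutputStream zos = new ZipOutputStream(bos)) {
            for (String n : names) {
                zos.putNextEntry(new ZipEntry(n));
                zos.write("payload".getBytes());
                zos.closeEntry();
            }
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        File dest = Files.createTempDirectory("unzip-dest").toFile();

        // Benign archive: a nested entry is extracted normally.
        extractSafe(new ByteArrayInputStream(archiveWith("docs/readme.txt")), dest);
        System.out.println("benign entry written: " + new File(dest, "docs/readme.txt").exists());

        // Hostile archive: the entry name climbs out of dest; the hardened
        // extractor throws before anything is written.
        try {
            extractSafe(new ByteArrayInputStream(archiveWith("../escaped.txt")), dest);
            System.out.println("hostile entry was NOT rejected");
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

When reviewing a patch for this bug class, check that the validation runs on the canonical (or normalized) path rather than on the raw entry name, that it happens before any directory is created or any byte is written, and that the directory-entry branch is covered too, since a directory entry named "../" can otherwise create directories outside the destination.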