You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This would have a potential to overwrite /root/.ssh/authorized_keys. Within sbt's main code, IO.unzip is used in pullRemoteCache task and Resolvers.remote; however many projects use IO.unzip(...) directly to implement custom tasks - https://github.com/search?q=IO.unzip+language%3AScala&type=code&l=Scala&p=1
Patches
The problem has been patched in sbt/io#360
sbt 1.9.7 is available with the fix.
Workarounds
A workaround might be use some other library to unzip.
Impact
Given specially crafted zip or JAR file,
IO.unzipallows writing of arbitrary file. The follow is an example of a malicious entry:This would have a potential to overwrite
/root/.ssh/authorized_keys. Within sbt's main code,IO.unzipis used inpullRemoteCachetask andResolvers.remote; however many projects useIO.unzip(...)directly to implement custom tasks - https://github.com/search?q=IO.unzip+language%3AScala&type=code&l=Scala&p=1Patches
The problem has been patched in sbt/io#360
sbt 1.9.7 is available with the fix.
Workarounds
A workaround might be use some other library to unzip.
References