Are OO versions 10.21 and 10.51 impacted by the ZipSlip vulnerability?

  • KM03201585
  • 12-Jul-2018
  • 12-Jul-2018

Archived Content: This information is no longer maintained and is provided "as is" for your convenience.

Summary

Are OO versions 10.21 and 10.51 impacted by the ZipSlip vulnerability?

Question

Are OO versions 10.21 and 10.51 impacted by the ZipSlip vulnerability?
https://github.com/snyk/zip-slip-vulnerability
 

Answer

R&D said: “OO is not impacted by the ZipSlip vulnerability as it doesn't use any of the impacted libraries.
The second aspect checked for this vulnerability was to check for potentially vulnerable code. We have validations in place for decompression of files / artifacts used in Central or Studio (we checked zip entries that have ../../.. in their names and they do not pass our validation).
This statement is valid for all 10.x versions (including 2018.05...)”
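
The page does not show OO's validation, so the following is an added example and not OO's code: one way to implement the kind of check R&D describes, rejecting an archive when any entry name would resolve outside the extraction directory. The function names and the in-memory sample archive are constructed for illustration.

```python
import io
import os
import zipfile


def unsafe_entries(archive: zipfile.ZipFile, dest_dir: str) -> list[str]:
    """Return the entry names that would resolve outside dest_dir."""
    root = os.path.realpath(dest_dir)
    bad = []
    for info in archive.infolist():
        # Normalise Windows separators so "..\\..\\x" is also caught on POSIX.
        name = info.filename.replace("\\", "/")
        # An absolute name replaces root in join(); realpath collapses "..".
        target = os.path.realpath(os.path.join(root, name))
        if os.path.commonpath([root, target]) != root:
            bad.append(info.filename)
    return bad


def safe_extract(archive: zipfile.ZipFile, dest_dir: str) -> list[str]:
    """Validate every entry first; write nothing if any entry escapes."""
    bad = unsafe_entries(archive, dest_dir)
    if bad:
        raise ValueError(f"archive rejected, entries escape {dest_dir!r}: {bad}")
    # zipfile also strips ".." on extraction; the explicit check above
    # rejects the archive instead of silently rewriting its paths.
    archive.extractall(dest_dir)
    return archive.namelist()


def build_sample(names: list[str]) -> zipfile.ZipFile:
    """Build a constructed in-memory archive with the given entry names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed sample data")
    buf.seek(0)
    return zipfile.ZipFile(buf)


if __name__ == "__main__":
    import tempfile

    sample = build_sample(["flows/a.xml", "../../../outside.txt"])
    with tempfile.TemporaryDirectory() as dest:
        print("entries failing validation:", unsafe_entries(sample, dest))
```

Resolving the joined path and comparing it with the destination root also accepts names such as `dir/../inside.txt` that contain `..` but stay inside the directory, which a plain substring match on `..` would reject.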