Behind the disclosure: the Zip Slip vulnerability
8y agoen
Source
SnykBehind the disclosure: the Zip Slip vulnerabilitysnyk.ioIn June 2018, the Snyk research team found many exploitable instances of the Zip Slip in various ecosystems that affected thousands of applications. This kind of wide reaching vulnerability requires a well thought out private disclosure process so that vulnerable libraries and projects are warned about their exposure before public disclosures are made. This post goes into the details of what we did throughout the process from discovery to disclosure, creating fix PRs and beyond.
You might also wanna read
Security Researcher Discovers Critical Data Vulnerability in Sports Insurer Portal, Faces Legal Threats Instead of Cooperation
A diving instructor and platform engineer discovers a critical security vulnerability in a sports insurer's portal during a dive trip, expos
Critical Vulnerability Discovery in Nix Package Manager Ecosystem
The article details how the author and a colleague discovered a critical vulnerability in the Nix package manager ecosystem that could have

Comments
Sign in to join the conversation.
No comments yet. Be the first.