This page collects WhisperX intelligence signals tagged #zip slip. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical path traversal vulnerability has been identified in the Wanaku CLI's ZipHelper component, exposing systems to Zip Slip attacks. The flaw allows a maliciously crafted zip file to write arbitrary files outside the intended extraction directory, potentially leading to system compromise, data overwrite, or remot...
A critical path traversal vulnerability in the Hermes CLI tool's profile archive extraction has been identified and patched. The flaw, a classic 'zip slip' attack vector, allowed a maliciously crafted `.tar.gz` archive to write files outside the intended destination directory. This created a direct risk where an attack...
A high-severity Zip Slip path traversal vulnerability has been identified in jaraco-context 6.0.1, raising urgent concerns for developers and organizations that rely on the widely-used Python package. The flaw, tracked as CVE-2026-23949, resides in the `jaraco.context.tarball()` function and may allow attackers to extr...