This page collects WhisperX intelligence signals tagged #zip-slip. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical security flaw in the XPN software's archive handling allows attackers to write files anywhere on a user's system. The vulnerability, a classic 'zip-slip' attack, resides in the `XOutshine.h` export module. The code directly passes user-supplied filenames from a `.xpn` archive to the extraction function witho...
A critical path traversal vulnerability has been disclosed in the plugin installation mechanism, where files are written to paths constructed from registry-supplied filenames without validating that destinations remain within the intended plugin directory. The flaw, classified as a zip-slip vulnerability, could allow a...