Vulnerability CVE-2022-36943
Published: 2023-01-03

Description:
SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of sanitization on paths which are symlinks. SSZipArchive will overwrite files on the filesystem when opening a malicious ZIP containing a symlink as the first item.

 References:
https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-vgvw-6xcf-qqfc
Copyright 2026, cxsecurity.com

 

Back to Top