Jörmungandrk

icon indicating an email [email protected]

icon company Cybersecurity Engineer | Cyber-Physical Systems CPS™ @zsrscience | Cybersecurity Mentoring @zerofactorylabs icon location Lesser Sunda Islands. East of Javanesse icon location Security engineer passionate about kocheng silence. This is my personal account and any activities I perform are as an individual.👤

Results 20 comments of Jörmungandrk

fix(feat): Multiplication result converted to larger type

ping @zpostfacto lets `merged` this pull-request for `patch` the vulnerable.

fix shell command built from environment values

ping @imbrian for merged this pull-request

fix uncontrolled command line main

@microsoft-github-policy-service agree

Fix arbitrary file access during archive extraction zipslip issue on archive

/check-cla

Fix arbitrary file access during archive extraction zipslip issue on archive

/kind bug

Fix arbitrary file access during archive extraction zipslip issue on archive

### `sanitizePath` ```go func sanitizePath(outPath, p string) (string, error) { cleanedPath := filepath.Clean(p) absOutPath, err := filepath.Abs(outPath) ... absPath, err := filepath.Abs(filepath.Join(absOutPath, cleanedPath)) ... if !strings.HasPrefix(absPath, absOutPath) { return "",...

Fix arbitrary file access during archive extraction zipslip issue on archive

ping /review @mattermost could you `merged` this `fix`

fix: arbitrary file access during archive extraction zipslip on index

/bounty 500 /claim #1809

fix: arbitrary file access during archive extraction zipslip on index

/claim #1808

fix Shell command built from environment values

/cla run