[MOBILE-3949] Fix Zip Path Traversal vulnerability in Android - Moodle Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.9.5
Fix Version/s: 4.0.0
Component/s: Android
Labels:
- triaged

Testing Instructions:
Hide

This issue should be tested in Android only.

Download different SCORMs and check that they're downloaded successfully (no error is displayed and the SCORM opens fine).
Show
This issue should be tested in Android only. Download different SCORMs and check that they're downloaded successfully (no error is displayed and the SCORM opens fine).
Affected Branches:
MOODLE_39_STABLE
Fixed Branches:
MOODLE_400_STABLE
Pull from Repository:
git://github.com/dpalou/moodleapp.git
Pull Main Branch:
~~MOBILE-3949~~
Pull Main Diff URL:
https://github.com/moodlehq/moodleapp/pull/3024

Sprint:
Moodle App 4.0

Description

Google doesn't allow us to publish our apps because of this vulnerability. It's caused by the zip plugin:

https://github.com/MobileChromeApps/cordova-plugin-zip/issues/91

Attachments

Activity

People

Assignee:: Dani Palou

Reporter:: Dani Palou

Integrator:: Pau Ferrer

Tester:: Isabel Renedo Rouco

Participants:: Dani Palou, Isabel Renedo Rouco, Pau Ferrer

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 14/Dec/21 3:46 PM

Updated:: 02/May/22 9:13 PM

Resolved:: 02/May/22 9:13 PM

Fix Release Date:: 22/Apr/22