Zip Slip is an arbitrary file overwrite vulnerability. It affects thousands of projects across many ecosystems but is especially prevalent in Java, where there is no central library offering high level processing of archive (e.g. zip) files.

This video shows a live exploit of this vulnerability on a Java application deployed in a Heroku cloud instance.

For more information, see http://snyk.io/research/zip-slip-vuln...

For the latest and to contribute to the status of vulnerable libraries see http://github.com/snyk/zip-slip-vulne...