Google Play Console reports security error: Zip Path Traversal Error due to cordova-plugin-zip dependency #671

VojGin · 2021-03-09T13:25:54Z

Description

Google Play Console reports security error in Pre-launch report details.

Pre-launch report details

Security and trust

Zip Path Traversal

Your app contains an unsafe unzipping pattern that may lead to a Path Traversal vulnerability. Please see this Google Help Center article to learn how to fix the issue.

org.apache.cordova.Zip.unzipSync

The reported error is being caused by cordova plugin cordova-plugin-zip which is a dependency of cordova-plugin-code-push

Reproduction

Install cordova-plugin-code-push, build production APK and submit it to Google Play Console.

Additional Information

cordova-plugin-code-push version: 2.0.0
Cordova version: 10.0.0

vickyanands · 2021-06-11T03:48:17Z

I have the same issue and Is there a date when this is getting fixed or else I have to remove code-push from my app.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Google Play Console reports security error: Zip Path Traversal Error due to cordova-plugin-zip dependency #671

Google Play Console reports security error: Zip Path Traversal Error due to cordova-plugin-zip dependency #671

VojGin commented Mar 9, 2021

Pre-launch report details

Security and trust

Zip Path Traversal

vickyanands commented Jun 11, 2021

Google Play Console reports security error: Zip Path Traversal Error due to cordova-plugin-zip dependency #671

Google Play Console reports security error: Zip Path Traversal Error due to cordova-plugin-zip dependency #671

Comments

VojGin commented Mar 9, 2021

Description

Pre-launch report details

Security and trust

Zip Path Traversal

Reproduction

Additional Information

vickyanands commented Jun 11, 2021