Zip Slip Vulnerability in aosm Extension of azure-cli
During a source code review of the Azure Command-Line Interface (Azure CLI), I analyzed the AOSM (Azure Operator Service Manager) extension and discovered a potentially unsafe use of Python’s tarfi...
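
An added example, not code from azure-cli or the AOSM extension: a minimal Python extraction helper that blocks the Zip Slip pattern named in the title, assuming the truncated sentence above refers to the standard-library `tarfile` module. `safe_extract`, `UnsafeMemberError` and `build_sample` are hypothetical names, the archive contents are constructed sample data, and rejecting every link and special member is a policy choice of this example.

```python
import io
import os
import tarfile


class UnsafeMemberError(Exception):
    """An archive member would be written outside the destination directory."""


def safe_extract(tar, dest):
    """Validate every member before writing anything; return extracted names."""
    base = os.path.realpath(dest)
    members = tar.getmembers()
    for m in members:
        # Policy (assumption of this example): regular files and directories
        # only, so a link planted by the archive cannot redirect a later write.
        if not (m.isfile() or m.isdir()):
            raise UnsafeMemberError(f"unsupported member type: {m.name!r}")
        # Resolve "..", absolute names and on-disk symlinks, then require the
        # result to stay under the destination.
        target = os.path.realpath(os.path.join(base, m.name))
        if os.path.commonpath([base, target]) != base:
            raise UnsafeMemberError(f"path escapes destination: {m.name!r}")
    # Defence in depth: use tarfile's own "data" filter where the running
    # Python provides extraction filters.
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    for m in members:
        tar.extract(m, base, **kwargs)
    return [m.name for m in members]


def build_sample(entries):
    """Constructed sample input: an in-memory tar from (name, kind) pairs."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind in entries:
            info = tarfile.TarInfo(name)
            if kind == "symlink":
                info.type, info.linkname = tarfile.SYMTYPE, "/tmp"
            else:
                data = b"constructed sample\n"
                info.size = len(data)
            tar.addfile(info, io.BytesIO(data) if kind == "file" else None)
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")
```

Because validation runs over the whole archive before the first write, a single bad member leaves the destination untouched.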