Skip to content

Zip File Overwrite

Zip File Overwrite: Understanding and Mitigating the Zip Slip Vulnerability

Manage Zip File Overwrite Risks
Table of Contents

What is zip file overwrite?

Zip file overwrite (also known as Zip Slip) exploits a vulnerability that is found in several widely used programming languages. It is especially prevalent in Java where there is no central library that provides a high-level process for archive files. Taking advantage of this flaw, attackers can create Zip archives that use path traversal to overwrite critical files on affected systems, either destroying them or replacing them with malicious code for remote command execution. These can be invoked remotely or the attacker can wait for the system or user to call them, thus achieving remote command execution on the victim’s machine.

Since it was publicly disclosed on June 5, 2018 by the Synk Security Team, Zip Slip has been found in many language ecosystems (Ruby, .NET, Go, and JavaScript). As an arbitrary file overwrite vulnerability, Zip Slip can be triggered with a directory traversal attack while extracting files from an archive and affects many archive formats, including tar, jar, war, cpio, apk, rar, and 7z.


Learn More About Contrast Security

Contrast is the clear customers’ choice

Contrast is named a Customers’ Choice in the 2021 Gartner Peer Insights “Voice of the Customer”: Application Security Testing report. With the highest percentage of 5-star ratings, this is the third consecutive year Contrast has received this powerful endorsement from customers.


Built for Developers. Trusted by Security.


Learn Secure Code

Cross Site Scripting (XSS)


Learn about Cross site scripting (XSS) and how it affects your Java source code

SQL Injection - Java-1


Learn about SWL injection and how it affects your Java source code

Client Side Injection


Learn about client-side injection and how it can affect your source code