Malcontent Symlink Handling Vulnerability Leading to Directory Traversal

Vulnerability

A vulnerability in Malcontent versions from 1.8.0 up to, but not including, 1.20.3 allows symbolic links to be created outside the intended extraction directory when a specially crafted tar or deb archive is processed. The issue arises because the 'handleSymlink' function receives its arguments in the wrong order, so the symlink target is used as the link location. In addition, symlink targets are not validated to ensure they remain within the extraction directory. Exploitation could lead to unauthorized access to files or directories through symlinks that traverse the filesystem.

Impact

Exploitation of this vulnerability could allow for unauthorized file access or manipulation by creating symlinks that bypass normal directory restrictions.

Reproduction

The vulnerability can be reproduced by creating a tar or deb archive that includes symlinks pointing outside the extraction directory. When Malcontent processes such an archive, the 'handleSymlink' function uses the symlink target as the link location, which can result in directory traversal.
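The Go function below is an added illustration, not Malcontent's own code, of the two checks the advisory says were missing: it takes the entry name (link location) and the archive linkname (target) in the correct order, and rejects any entry whose link location or resolved target leaves the extraction directory. The root path and the entry values used are assumptions for the example.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

var ErrOutsideRoot = errors.New("symlink escapes extraction directory")

// insideRoot reports whether the absolute, cleaned path p is root itself or lies beneath it.
func insideRoot(root, p string) bool {
	rel, err := filepath.Rel(root, p)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return false
	}
	return true
}

// ValidateSymlink checks an archive symlink entry before it is created on disk.
// name is the entry path inside the archive (where the link is placed) and
// target is the archive linkname (what the link points to): the argument
// order the advisory says was swapped. It returns the absolute link location,
// or an error when either the link itself or its resolved target leaves root.
func ValidateSymlink(root, name, target string) (string, error) {
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	// filepath.Join cleans the result, so a name such as "../x" becomes an
	// ancestor of root and is caught by the containment check.
	linkPath := filepath.Join(absRoot, name)
	if !insideRoot(absRoot, linkPath) {
		return "", fmt.Errorf("link %q: %w", name, ErrOutsideRoot)
	}
	// Absolute targets are rejected outright; a relative target is resolved
	// against the directory holding the link, as the OS would resolve it.
	if filepath.IsAbs(target) {
		return "", fmt.Errorf("target %q: %w", target, ErrOutsideRoot)
	}
	if resolved := filepath.Join(filepath.Dir(linkPath), target); !insideRoot(absRoot, resolved) {
		return "", fmt.Errorf("target %q: %w", target, ErrOutsideRoot)
	}
	return linkPath, nil
}
```

The extractor should call os.Symlink(target, linkPath) only after this returns nil. The check is purely lexical, so an extractor must also refuse to write through a symlink it created earlier in the same archive, which this example does not cover.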

Remediation

Users can upgrade to Malcontent version 1.20.3 or later, where this vulnerability has been patched.

Added: Jan 29, 2026, 10:27 PM
Updated: Jan 29, 2026, 10:27 PM

Vulnerability Rating

Custom Algorithm
  spread:         0.0
  impact:         0.2
  exploitability: 5.0
  remediation:    0.0
  relevance:      2.5
  threat:         4.8
  urgency:        2.9
  incentive:      0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.