Fix CVE-2024-48510 in ZipExtractor.

.github/workflows/release.yml

@@ -29,7 +29,7 @@ jobs:
       webuiVer: '1.0.2'
       webuiUrl: 'https://github.com/vrnobody/WebUI/releases/download'
       v2rayCorePkgName: 'Xray-win7-64.zip'
-      v2rayCoreVer: 'v24.10.16'
+      v2rayCoreVer: 'v24.11.11'
       # https://github.com/XTLS/Xray-core/releases/download/v1.4.0/Xray-windows-64.zip
       v2rayCoreUrl: 'https://github.com/XTLS/Xray-core/releases/download'
       tun2socksZipUrl: 'https://github.com/xjasonlyu/tun2socks/releases/download/v2.5.2/tun2socks-windows-amd64.zip'

3rd/ZipExtractor/FormMain.cs

@@ -85,7 +85,7 @@ private void FormMain_Shown(object sender, EventArgs e)
             _backgroundWorker = new BackgroundWorker
             {
                 WorkerReportsProgress = true,
-                WorkerSupportsCancellation = true
+                WorkerSupportsCancellation = true,
             };
 
             _backgroundWorker.DoWork += (_, eventArgs) =>
@@ -199,6 +199,7 @@ Process process in Process.GetProcessesByName(
                             try
                             {
                                 filePath = Path.Combine(extractionPath, entry.FullName);
+                                ValidateFilePath(extractionPath, filePath);
                                 if (!entry.IsDirectory())
                                 {
                                     string parentDirectory = Path.GetDirectoryName(filePath);
@@ -408,5 +409,20 @@ private void FormMain_FormClosing(object sender, FormClosingEventArgs e)
                 _logBuilder.ToString()
             );
         }
+
+        #region private methods
+        void ValidateFilePath(string dir, string file)
+        {
+            // a patch for CVE-2024-48510
+            var dest = Path.GetFullPath(dir);
+            var full = Path.GetFullPath(file);
+            if (!full.StartsWith(dest, StringComparison.OrdinalIgnoreCase))
+            {
+                throw new IOException(
+                    "Trying to extract file outside of destination directory. See this link for more info: https://snyk.io/research/zip-slip-vulnerability"
+                );
+            }
+        }
+        #endregion
     }
 }

V2RayGCon/Properties/AssemblyInfo.cs

@@ -33,11 +33,13 @@
 // 可以指定所有值，也可以使用以下所示的 "*" 预置版本号和修订号
 // 方法是按如下所示使用“*”: :
 // [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("2.0.6.1")]
+[assembly: AssemblyVersion("2.0.7.0")]
 [assembly: AssemblyFileVersion("1.0.0.0")]
 
 /*
 
+--------------------------------------------------------------------
+v2.0.6.2 Fix CVE-2024-48510 in ZipExtractor.
 v2.0.6.1 Remove DotNetZip NuGet package.
 --------------------------------------------------------------------
 v2.0.5.4 Add std.Servers:GetFilteredServers(keyword).