Google Play Console reports security error: Zip Path Traversal Error due to cordova-plugin-zip dependency

### Description

Google Play Console reports security error in Pre-launch report details.

> # Pre-launch report details
> ## Security and trust
> ### Zip Path Traversal
> Your app contains an unsafe unzipping pattern that may lead to a Path Traversal vulnerability. Please see this Google Help Center article to learn how to fix the issue.
> 
> * org.apache.cordova.Zip.unzipSync

![image](https://user-images.githubusercontent.com/5146396/110475798-99b98000-80e1-11eb-9dea-89d15fdeded4.png)

The reported error is being caused by cordova plugin **cordova-plugin-zip** which is a dependency of cordova-plugin-code-push

### Reproduction

Install cordova-plugin-code-push, build production APK and submit it to Google Play Console.

### Additional Information

* cordova-plugin-code-push version: 2.0.0 
* Cordova version: 10.0.0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Google Play Console reports security error: Zip Path Traversal Error due to cordova-plugin-zip dependency #671

Description

Pre-launch report details

Security and trust

Zip Path Traversal

Reproduction

Additional Information

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Google Play Console reports security error: Zip Path Traversal Error due to cordova-plugin-zip dependency #671

Description

Description

Pre-launch report details

Security and trust

Zip Path Traversal

Reproduction

Additional Information

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions