GHSA-73v8-v6g4-vrpm

Published: 02 Sept. 2020
Source: github
Github: Reviewed

Description

Arbitrary File Overwrite in decompress-zip

Vulnerable versions of decompress-zip are affected by the Zip-Slip vulnerability, an arbitrary file write vulnerability. The vulnerability occurs because decompress-zip does not verify that extracted files do not resolve to targets outside of the extraction root directory.
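
An added example, not decompress-zip's code or its fix: one way to perform the containment check that the description says was missing, written for Node.js. The function names, the `/srv/out` root and the sample entry names are constructed for illustration.

```javascript
const path = require('node:path');

// Resolve a ZIP entry name against the extraction root and refuse any
// target that would land outside it. This is a lexical check only: it
// does not follow symlinks that already exist under the root.
function resolveInsideRoot(rootDir, entryName) {
  const root = path.resolve(rootDir);
  // ZIP names use "/", but some archivers emit "\"; normalise so the
  // check behaves the same on POSIX and Windows.
  const name = entryName.replace(/\\/g, '/');
  const target = path.resolve(root, name);
  const rel = path.relative(root, target);
  // rel === ''         -> entry resolves to the root itself
  // rel starts with .. -> entry climbs out of the root
  // rel is absolute    -> different drive on Windows
  // Comparing with path.relative avoids the prefix mistake where
  // "/srv/out-evil" passes a naive startsWith("/srv/out") test.
  if (rel === '' || rel === '..' ||
      rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
    throw new Error(`entry escapes extraction root: ${JSON.stringify(entryName)}`);
  }
  return target;
}

// Validate every entry before anything is written, so the caller can
// reject the whole archive if any entry is out of bounds.
function planExtraction(rootDir, entryNames) {
  const plan = { write: [], rejected: [] };
  for (const name of entryNames) {
    try {
      plan.write.push(resolveInsideRoot(rootDir, name));
    } catch (err) {
      plan.rejected.push(name);
    }
  }
  return plan;
}

// Constructed entry names (not taken from any real archive).
const SAMPLE_ENTRIES = [
  'docs/readme.txt',      // ordinary entry
  'a/../b.txt',           // ".." that stays inside the root
  '..notes/ok.txt',       // name merely beginning with two dots
  '../outside.txt',       // parent traversal
  'a/../../outside.txt',  // traversal hidden behind a directory
  '/abs/outside.txt',     // absolute path
  '..\\outside.txt',      // backslash separator
  '../out-evil/x.txt',    // sibling directory sharing the root's prefix
];
```

Calling `planExtraction('/srv/out', SAMPLE_ENTRIES)` accepts the first three names and rejects the remaining five.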

Recommendation

For decompress-zip 0.2.x, upgrade to 0.2.2 or later. For decompress-zip 0.3.x, upgrade to 0.3.2 or later.

Packages

Name: decompress-zip (npm)
Affected versions: < 0.2.2
Fixed version: 0.2.2

Name: decompress-zip (npm)
Affected versions: >= 0.3.0, < 0.3.2
Fixed version: 0.3.2