GHSA-gj5f-73vh-wpf7

Опубликовано: 10 окт. 2025

Источник: github

Github: Прошло ревью

Описание

Withdrawn Advisory: cross-zip is vulnerable to Directory Traversal through selective use of zip/unzip operations

Withdrawn Advisory

This advisory has been withdrawn because it does not discuss a valid vulnerability. This link is maintained to preserve external references.

Original Description

All versions of the package cross-zip are vulnerable to Directory Traversal via consecutive usage of zipSync() and unzipSync () functions that allow arguments such as __dirname. An attacker can access system files by selectively doing zip/unzip operations.

Ссылки

Пакеты

Наименование

cross-zip

npm

Затронутые версииВерсия исправления

<= 4.0.1

Отсутствует

CVE ID

CVE-2025-11569

Дефекты

CWE-22

Связанные уязвимости

CVE-2025-11569

nvd

4 месяца назад

Rejected reason: This record was withdrawn by its CNA; further investigation revealed it was not a security issue.

CVE ID

CVE-2025-11569

Дефекты

CWE-22