CVE-2022-48285

Опубликовано: 29 янв. 2023

Источник: nvd

CVSS3: 7.3

EPSS Низкий

Описание

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/244499
Third Party Advisory
VDB Entry
https://github.com/Stuk/jszip/commit/2edab366119c9ee948357c02f1206c28566cdf15
Patch
Third Party Advisory
https://github.com/Stuk/jszip/compare/v3.7.1...v3.8.0
Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0005/
https://www.mend.io/vulnerability-database/WS-2023-0004
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/244499
Third Party Advisory
VDB Entry
https://github.com/Stuk/jszip/commit/2edab366119c9ee948357c02f1206c28566cdf15
Patch
Third Party Advisory
https://github.com/Stuk/jszip/compare/v3.7.1...v3.8.0
Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0005/
https://www.mend.io/vulnerability-database/WS-2023-0004
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jszip_project:jszip:*:*:*:*:*:node.js:*:*

Версия до 3.8.0 (исключая)

EPSS

Процентиль: 79%

0.01199

Низкий

7.3 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

CVE-2022-48285

CVSS3: 7.3

ubuntu

около 3 лет назад

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.

CVE-2022-48285

CVSS3: 7.3

redhat

около 3 лет назад

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.

CVE-2022-48285

CVSS3: 7.3

msrc

около 3 лет назад

Описание отсутствует

CVE-2022-48285

CVSS3: 7.3

debian

около 3 лет назад

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a craft ...

GHSA-36fh-84j7-cv5h

CVSS3: 7.3

github

около 3 лет назад

JSZip contains Path Traversal via loadAsync

EPSS

Процентиль: 79%

0.01199

Низкий

7.3 High

CVSS3

Дефекты

CWE-22