Description
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/244499
Third Party AdvisoryVDB Entry
https://github.com/Stuk/jszip/commit/2edab366119c9ee948357c02f1206c28566cdf15
PatchThird Party Advisory
https://github.com/Stuk/jszip/compare/v3.7.1...v3.8.0
Third Party Advisory
https://www.mend.io/vulnerability-database/WS-2023-0004
Third Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.3 · High
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Modified
Published
2023-01-29T05:15:10.070
2 years agoLast modified
2024-08-01T13:43:05.703
11 months ago