unzipper

Arbitrary File Write via Archive Extraction

Severity: high

Overview

Versions of unzipper before 0.8.13 are vulnerable to arbitrary file write when used to extract a specially crafted archive whose entry filenames contain path traversal sequences (for example, ../../file.txt).

Remediation

Update to version 0.3.18 or later.
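
The containment check that rejects entry names of the kind described in the overview, as an added example (it is not unzipper's code and not part of the advisory). The function names, the /srv/extract destination and the sample entry names are constructed for illustration.

```javascript
// Added example: containment check for archive entry names before writing.
const path = require('node:path');

// Resolve an entry name against the extraction root. Returns the absolute
// target path, or null when the entry would land outside the root.
function safeEntryPath(destDir, entryName) {
  const root = path.resolve(destDir);
  // path.resolve collapses ".." segments and lets an absolute entry name
  // replace the root, so both cases end up as a path outside `root`.
  const target = path.resolve(root, entryName);
  const rel = path.relative(root, target);
  // Compare on the relative path, not with target.startsWith(root): a prefix
  // test would accept a sibling directory such as /srv/extract-other.
  const escapes =
    rel === '' ||                       // resolves to the root itself
    rel === '..' ||
    rel.startsWith('..' + path.sep) ||  // climbs above the root
    path.isAbsolute(rel);               // e.g. a different drive on Windows
  return escapes ? null : target;
}

// Split a list of entry names into those safe to write and those to skip.
function auditEntries(destDir, entryNames) {
  const accepted = [];
  const rejected = [];
  for (const name of entryNames) {
    const target = safeEntryPath(destDir, name);
    if (target === null) rejected.push(name);
    else accepted.push({ name, target });
  }
  return { accepted, rejected };
}

// Constructed entry names (not taken from a real archive).
const SAMPLE_ENTRIES = [
  'docs/readme.txt',
  '../../file.txt',            // the form named in the advisory
  'a/b/../../../outside.txt',  // traversal behind ordinary-looking segments
  '/etc/hosts-copy',           // absolute entry name
  '../extract-other/x.txt',    // sibling directory sharing the root's prefix
  'a/../b/ok.txt',             // contains ".." but stays inside the root
  '..notes/ok.txt',            // leading dots, not a traversal segment
];

console.log(auditEntries('/srv/extract', SAMPLE_ENTRIES));
```

This is a check on the name string only; archive entries that are symbolic links need separate handling.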

Vulnerable versions

0.1.11 (2 years ago)
0.2.0 (2 years ago)
0.3.0 (2 years ago)
0.3.1 (2 years ago)
0.3.2 (2 years ago)
0.4.0 (2 years ago)
0.4.1 (2 years ago)
0.5.0 (2 years ago)
0.6.0 (2 years ago)
0.7.0 (2 years ago)
0.7.1 (2 years ago)
0.7.2 (2 years ago)
0.7.3 (2 years ago)
0.7.4 (2 years ago)
0.7.5 (2 years ago)
0.7.6 (2 years ago)
0.8.0 (2 years ago)
0.8.1 (2 years ago)
0.8.2 (2 years ago)
0.8.3 (2 years ago)
0.8.4 (2 years ago)
0.8.5 (a year ago)
0.8.6 (a year ago)
0.8.7 (a year ago)
0.8.8 (a year ago)
0.8.9 (a year ago)
0.8.11 (9 months ago)
0.8.12 (5 months ago)

Unaffected versions

0.9.0-rc1 (2 years ago)
0.9.0-rc2 (2 years ago)
0.9.0-rc3 (2 years ago)
0.9.0-rc4 (2 years ago)
0.9.0-rc5 (a year ago)
0.9.0-rc6 (a year ago)
0.9.0-rc8 (a year ago)
0.9.0-rc9 (a year ago)
0.9.0-rc10 (a year ago)
0.8.13 (4 months ago)
0.8.14 (3 months ago)
0.9.0 (2 months ago)
0.9.1 (2 months ago)
0.9.2 (a month ago)

Advisory timeline

  1. Created: 2018-08-03T15:08:43.436Z
  2. Updated: 2018-08-03T15:08:43.436Z