Severity: high

Arbitrary File Write via Archive Extraction

unzipper

Overview

Versions of unzipper before 0.8.13 are vulnerable to arbitrary file write when used to extract a specially crafted archive whose entry filenames contain path traversal sequences (for example, ../../file.txt).
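
The kind of containment check that stops such entries is shown below as an added example; it is not code from unzipper or from this advisory. The function names safeEntryPath and auditEntries, the destination directory /tmp/out and the sample entry names are assumptions constructed for illustration.

```javascript
// Added example: reject archive entry names that would resolve outside
// the extraction directory. Not unzipper's own code.
const path = require("node:path");

// Returns the absolute path an entry may be written to, or null when the
// entry name is unsafe (traversal, absolute path, drive letter, NUL byte).
function safeEntryPath(destDir, entryName) {
  // Zip names use "/", but crafted archives may carry "\" as well;
  // normalise so the check behaves the same on every platform.
  const name = entryName.replace(/\\/g, "/");
  if (name.includes("\0")) return null;
  if (name.startsWith("/") || /^[A-Za-z]:/.test(name)) return null;

  const root = path.resolve(destDir);
  const target = path.resolve(root, name); // collapses any ".." segments

  // Compare against root plus a separator so a sibling such as
  // "/tmp/out-evil" is not mistaken for something inside "/tmp/out".
  if (target !== root && !target.startsWith(root + path.sep)) return null;
  return target;
}

// Splits a list of entry names into those safe to extract and those to refuse.
function auditEntries(destDir, names) {
  const accepted = [];
  const rejected = [];
  for (const n of names) {
    (safeEntryPath(destDir, n) === null ? rejected : accepted).push(n);
  }
  return { accepted, rejected };
}

// Constructed sample listing (hypothetical entry names).
const SAMPLE_ENTRIES = [
  "docs/readme.txt",
  "a/../b.txt",          // stays inside the destination after collapsing
  "../../file.txt",      // the traversal form named in the advisory
  "..\\..\\file.txt",    // same, with backslashes
  "a/../../evil.txt",
  "../out-evil/x.txt",   // sibling directory sharing the prefix
  "/etc/cron.d/job",     // absolute path
];

console.log(auditEntries("/tmp/out", SAMPLE_ENTRIES));
```

The check is purely lexical: it does not cover symlink entries inside an archive, which need separate handling.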

Remediation

Update to version 0.3.18 or later.

Advisory timeline

  1. Created: 2018-08-03T15:08:43.436Z
  2. Updated: 2018-08-03T15:08:43.436Z