Severity: high

Arbitrary File Write via Archive Extraction

adm-zip

Overview

Versions of adm-zip before 0.4.9 are vulnerable to arbitrary file write when used to extract a specially crafted archive that contains path traversal filenames (for example, ../../file.txt).

Remediation

Update to version 0.4.9 or later.
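
The kind of check that rejects path traversal filenames before anything is written, shown as an added example; it is not adm-zip's code and not part of the advisory. The function names, the destination directory and the entry names are constructed for illustration.

```javascript
// Added example: a defensive pre-extraction check, not adm-zip's own code.
const path = require("path").posix; // POSIX rules so results match on every host

// Resolve an archive entry name under destDir, or return null when the
// entry would be written outside destDir (or onto destDir itself).
function safeEntryPath(destDir, entryName) {
  const root = path.resolve(destDir);
  // Treat "\" as a separator too: a name that is harmless on POSIX can
  // still traverse when the same archive is extracted on Windows.
  const name = entryName.replace(/\\/g, "/");
  // Conservative assumption: refuse NUL bytes and drive-letter style names.
  if (name.includes("\0") || /^[a-zA-Z]:/.test(name)) return null;
  // An absolute entry name makes resolve() discard root; relative() exposes that.
  const target = path.resolve(root, name);
  const rel = path.relative(root, target);
  // Compare path segments, not string prefixes, so a sibling directory
  // such as "uploads-evil" is not mistaken for "uploads".
  if (rel === "" || rel === ".." || rel.startsWith("../")) return null;
  return target;
}

// Split a list of entry names into resolved safe targets and rejected names.
function auditEntries(destDir, entryNames) {
  const report = { safe: [], rejected: [] };
  for (const name of entryNames) {
    const target = safeEntryPath(destDir, name);
    if (target === null) report.rejected.push(name);
    else report.safe.push(target);
  }
  return report;
}

// Constructed sample entry names (not taken from a real archive).
const SAMPLE_ENTRIES = [
  "docs/readme.txt",
  "a/../b.txt",             // stays inside after normalisation
  "..data/notes.txt",       // leading dots, but not a traversal
  "../../file.txt",         // the advisory's example
  "docs/../../escape.txt",  // climbs out after an innocent-looking prefix
  "../uploads-evil/x.txt",  // sibling directory sharing the string prefix
  "/etc/cron.d/job",        // absolute path
  "..\\..\\file.txt",       // Windows-style separators
];

console.log(auditEntries("/srv/app/uploads", SAMPLE_ENTRIES));
```

Running the same check over an archive's entry list before extraction also gives a log of rejected names that can be reviewed when an upload is refused.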

Advisory timeline

  1. Created: 2018-08-03T15:15:42.145Z
  2. Updated: 2018-08-03T15:15:42.145Z