Arbitrary File Overwritedecompress-zip
Vulnerable versions of
decompress-zip are affected by the Zip-Slip vulnerability, an arbitrary file write vulnerability. The vulnerability occurs because
decompress-zip does not verify that extracted files do not resolve to targets outside of the extraction root directory.
decompress-zip 0.2.x upgrade to 0.2.2 or later.
decompress-zip 0.3.x upgrade to 0.3.2 or later.
publishedAdvisory PublishedJan 30th, 2019
reportedReported by Snyk Security TeamJan 30th, 2019