Overview
Vulnerable versions of decompress-zip are affected by the Zip-Slip vulnerability, an arbitrary file write vulnerability. The vulnerability occurs because decompress-zip does not verify that extracted files do not resolve to targets outside of the extraction root directory.
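The missing verification can be sketched as a containment check on each entry name before anything is written. This is an added example, not code from decompress-zip or from its fix; the function names, the extraction root and the sample entry names are assumptions constructed for illustration.

```javascript
const path = require('path');

// Returns the absolute destination for an archive entry, or throws when the
// entry would resolve outside extractionRoot (the Zip-Slip condition).
function resolveEntryPath(extractionRoot, entryName) {
  const root = path.resolve(extractionRoot);
  // ZIP names use '/', but some archives carry '\'. Treating both as
  // separators is a deliberately conservative choice for this example.
  const normalizedName = entryName.replace(/\\/g, '/');
  const target = path.resolve(root, normalizedName);
  const relative = path.relative(root, target);
  const escapes =
    relative === '' ||                        // resolves to the root itself
    relative === '..' ||
    relative.startsWith('..' + path.sep) ||   // climbs above the root
    path.isAbsolute(relative);                // e.g. another drive on Windows
  if (escapes) {
    throw new Error('Blocked entry outside extraction root: ' + entryName);
  }
  return target;
}

// Splits a list of entry names into those that stay inside the root and
// those that must be rejected, so an archive can be refused before extraction.
function auditEntries(extractionRoot, entryNames) {
  const result = { safe: [], blocked: [] };
  for (const name of entryNames) {
    try {
      resolveEntryPath(extractionRoot, name);
      result.safe.push(name);
    } catch (err) {
      result.blocked.push(name);
    }
  }
  return result;
}

// Constructed sample entry names, not taken from a real archive.
const SAMPLE_ENTRIES = [
  'docs/readme.txt',        // ordinary file
  'docs/../notes.txt',      // contains '..' but stays inside the root
  '..foo/bar.txt',          // name merely starts with '..', not a traversal
  '../outside.txt',         // parent-directory traversal
  'a/../../outside.txt',    // traversal hidden behind a directory
  '/abs/path.txt',          // absolute path
  '..\\..\\outside.txt',    // backslash-separated traversal
];

console.log(auditEntries('/tmp/extract-root', SAMPLE_ENTRIES));
```

The check is lexical only: it does not follow symbolic links that already exist under the extraction root.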
Remediation
For decompress-zip 0.2.x, upgrade to 0.2.2 or later.
For decompress-zip 0.3.x, upgrade to 0.3.2 or later.