You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Arbitrary File Write in adm-zip
Moderate severity
GitHub Reviewed
Published
Jul 27, 2018
to the GitHub Advisory Database
•
Updated Sep 12, 2023
Versions of adm-zip before 0.4.9 are vulnerable to arbitrary file write when used to extract a specifically crafted archive that contains path traversal filenames (../../file.txt for example).
Versions of
adm-zip
before 0.4.9 are vulnerable to arbitrary file write when used to extract a specifically crafted archive that contains path traversal filenames (../../file.txt
for example).Recommendation
Update to version 0.4.9 or later.
References