Arbitrary File Write via Archive Extraction in unzipper
Moderate severity
GitHub Reviewed
Published Jul 27, 2018 to the GitHub Advisory Database • Updated Sep 20, 2023
Versions of unzipper before 0.8.13 are vulnerable to arbitrary file write when used to extract a specially crafted archive that contains path traversal filenames (for example, ../../file.txt).
Recommendation
Update to version 0.3.18 or later.
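For code that extracts archives itself, the check below shows how a path traversal filename such as ../../file.txt can be rejected before anything is written. It is an added example, not unzipper's own code or its fix; the function names `safeEntryPath` and `auditEntries`, the destination directory and the sample entry names are assumptions constructed for illustration.

```javascript
const path = require('node:path');

// Return the absolute path an archive entry may be written to, or throw
// if the entry name would resolve outside destDir (hypothetical helper).
function safeEntryPath(destDir, entryName) {
  const root = path.resolve(destDir);
  if (entryName.includes('\0')) throw new Error('NUL byte in entry name');
  // Treat backslashes as separators so "..\..\x" is also caught on POSIX hosts.
  const name = entryName.replace(/\\/g, '/');
  const target = path.resolve(root, name);
  // Compare by relative path, not by string prefix: "/srv/out-evil" starts
  // with "/srv/out" but is a sibling directory, not a child.
  const rel = path.relative(root, target);
  const escapes = rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  if (rel === '' || escapes) {
    throw new Error(`unsafe entry name: ${entryName}`);
  }
  return target;
}

// Split a list of entry names into resolved safe targets and rejected names.
function auditEntries(destDir, names) {
  const accepted = [];
  const rejected = [];
  for (const name of names) {
    try {
      accepted.push(safeEntryPath(destDir, name));
    } catch (err) {
      rejected.push(name);
    }
  }
  return { accepted, rejected };
}

// Constructed sample: entry names as they might appear in an archive listing.
const SAMPLE_ENTRIES = [
  'docs/readme.txt',      // ordinary entry
  '../../file.txt',       // the traversal form named in the advisory
  '/tmp/abs.txt',         // absolute path
  '..\\..\\file.txt',     // backslash-separated traversal
  '../out-evil/x.txt',    // sibling directory sharing the root's prefix
  'a/../b.txt',           // ".." that stays inside the root
  '..notes.txt',          // leading dots, but not a parent reference
];

console.log(auditEntries('/srv/uploads/out', SAMPLE_ENTRIES));
```

The check is lexical only: it does not account for symlinks that already exist inside the destination directory.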