Homepage

decompress-zip@0.0.5 vulnerabilities

Extract files from a ZIP archive

  • latest version

    0.3.3

  • latest non vulnerable version

    0.3.3

  • first published

    12 years ago

  • latest version published

    4 years ago

  • licenses detected

  • View decompress-zip package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the decompress-zip package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • C
    Arbitrary File Write via Archive Extraction (Zip Slip)

    decompress-zip extracts the contents of the ZIP archive file.

    Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip). The package will extract files outside of the scope of the specified target directory because there is no validation that file extraction stays within the defined target path.

    How to fix Arbitrary File Write via Archive Extraction (Zip Slip)?

    Upgrade decompress-zip to version 0.2.2, 0.3.2 or higher.

    <0.2.2>=0.3.0 <0.3.2
    Go back to all versions of this package