Homepage

decompress-zip@0.0.5 vulnerabilities

Extract files from a ZIP archive

  • latest version

    0.3.3

  • latest non vulnerable version

    0.3.3

  • first published

    11 years ago

  • latest version published

    4 years ago

  • licenses detected

  • View decompress-zip package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the decompress-zip package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • C
    Arbitrary File Write via Archive Extraction (Zip Slip)

    decompress-zip extracts the contents of the ZIP archive file.

    Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip). The package will extract files outside of the scope of the specified target directory because there is no validation that file extraction stays within the defined target path.

    How to fix Arbitrary File Write via Archive Extraction (Zip Slip)?

    Upgrade decompress-zip to version 0.2.2, 0.3.2 or higher.

    <0.2.2>=0.3.0 <0.3.2
    Go back to all versions of this package