decompress-zip@0.2.1 vulnerabilities
Extract files from a ZIP archive
-
latest version
0.3.3
-
latest non vulnerable version
-
first published
11 years ago
-
latest version published
4 years ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the decompress-zip package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
decompress-zip extracts the contents of the ZIP archive file. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip). The package will extract files outside of the scope of the specified target directory because there is no validation that file extraction stays within the defined target path. How to fix Arbitrary File Write via Archive Extraction (Zip Slip)? Upgrade |
<0.2.2
>=0.3.0 <0.3.2
|