Vulnerability	Vulnerable Version
M Arbitrary File Write via Archive Extraction (Zip Slip) decompress is a package that can be used for extracting archives. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip). It is possible to bypass the security measures provided by decompress and conduct ZIP path traversal through symlinks. PoC `const decompress = require('decompress'); decompress('slip.tar.gz', 'dist').then(files => { console.log('done!'); });` How to fix Arbitrary File Write via Archive Extraction (Zip Slip)? Upgrade `decompress` to version 4.2.1 or higher.	<4.2.1

Arbitrary File Write via Archive Extraction (Zip Slip)

decompress is a package that can be used for extracting archives.

Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip). It is possible to bypass the security measures provided by decompress and conduct ZIP path traversal through symlinks.

PoC

const decompress = require('decompress');

decompress('slip.tar.gz', 'dist').then(files => {
    console.log('done!');
});

How to fix Arbitrary File Write via Archive Extraction (Zip Slip)?

Upgrade decompress to version 4.2.1 or higher.

<4.2.1

Go back to all versions of this package