zipp@3.1.0 vulnerabilities

Backport of pathlib-compatible object wrapper for zip files

Direct Vulnerabilities

Known vulnerabilities in the zipp package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
Infinite loop (severity: M)

Affected versions of this package are vulnerable to an infinite loop: an attacker can cause the application to stop responding by initiating a loop through functions affecting the Path module, such as joinpath, the overloaded division operator, and iterdir.

How to fix Infinite loop?

Upgrade zipp to version 3.19.1 or higher.

Vulnerable versions: [,3.19.1)