Lucene search
SnykCVELIST:CVE-2018-1002203HistoryOct 03, 2022 - 4:21 p.m.
CVE-2018-1002203
2022-10-0316:21:40
CWE-22
snyk
www.cve.org
cve-2018-1002203
zip-slip
directory traversal
npm library
unzipper npm library before 0.8.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a …/ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as ‘Zip-Slip’.
CNA Affected
[
{
"product": "unzipper",
"vendor": "node.js",
"versions": [
{
"lessThan": "0.8.13",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2018-1002203
2018-07-25 17:29:01
CVE-2018-3782
2018-08-13 19:29:02
osv
osv
CVE-2018-1002203
2018-07-25 17:29:01
Arbitrary File Write via Archive Extraction in unzipper
2018-07-27 17:06:50
veracode
veracode
Arbitrary File Write
2018-06-07 00:45:29
cve
cve
CVE-2018-1002203
2022-10-03 16:21:40
CVE-2018-3782
2018-08-13 19:29:02
github
github
Arbitrary File Write via Archive Extraction in unzipper
2018-07-27 17:06:50
hackerone
hackerone
Node.js third-party modules: Arbitrary File Write through archive extraction
2018-06-05 16:01:18
nodejs
nodejs
Arbitrary File Write via Archive Extraction
2018-08-03 15:08:43
prion
prion
Directory traversal
2018-07-25 17:29:00
f5
f5
K64709522 : Multiple Zip Slip vulnerabilities
2018-08-03 00:00:00
checkpoint_advisories
checkpoint_advisories
5.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
36.6%
Related for CVELIST:CVE-2018-1002203