Lucene search

GitHub Advisory DatabaseGHSA-36FH-84J7-CV5H

HistoryJan 29, 2023 - 6:30 a.m.

JSZip contains Path Traversal via loadAsync

2023-01-2906:30:52

CWE-22

GitHub Advisory Database

github.com

106

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.5%

JSON

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.

CPENameOperatorVersion
jsziplt3.8.0

CPE	Name	Operator	Version
	jszip	lt	3.8.0

References

exchange.xforce.ibmcloud.com/vulnerabilities/244499

github.com/advisories/GHSA-36fh-84j7-cv5h

github.com/Stuk/jszip/commit/2edab366119c9ee948357c02f1206c28566cdf15

github.com/Stuk/jszip/compare/v3.7.1...v3.8.0

nvd.nist.gov/vuln/detail/CVE-2022-48285

www.mend.io/vulnerability-database/WS-2023-0004

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.5%

JSON

Related for GHSA-36FH-84J7-CV5H