6 matches found
PT-2026-46903
All versions of the package decompress are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip when extracting a ZIP archive containing two entries with the same path - the first being a symlink to an arbitrary target and the second being a regular file - the file content is writte...
-llscw-react-cli (>=1.0.0 <=1.1.0-beta2), 002-node-cli (=1.0.0) +28672 more potentially affected by CVE-2020-12265 +1 more via decompress (>=0.1.10 <=4.2.1)
decompress NPM version =0.1.10, =1.0.0, =0.0.1, =0.0.4 - 1095h-cli =1.0.1 - 10secondsofcode-custom =1.0.0 and more Source cves: CVE-2020-12265, CVE-2026-10732 Source advisory: SNYK:JS-DECOMPRESS-16415209...
CVE-2020-12265
The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal...
08cms (=1.0.0), 17fe-template-cli (>=1.0.4 <=1.0.6) +8156 more potentially affected by CVE-2020-12265 via decompress (>=0.1.10 <=4.2.0)
decompress NPM version =0.1.10, =1.0.4, =1.0.3, =0.0.1, =1.0.0, =1.0.0, =1.1.0, =0.1.6, =1.0.0, =3.2.0, =3.6.0-rc.1 - @acidic9/slate-tools =1.0.0-beta.20 and more Source cves: CVE-2020-12265 Source advisory: OSV:GHSA-QGFR-5HQP-VRW9...
CVE-2020-12265
The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal...
CVE-2020-12265
The CVE-2020-12265 entry concerns the Node.js decompress package before version 4.2.1. Root cause: Directory Traversal via ../ in an archive member when a symlink is used, allowing Arbitrary File Write. Affected software: decompress (Node.js) prior to 4.2.1. Impact statements in the connected doc...