Lucene search

6 matches found

Positive Technologies
added 2026/06/05 12:0 a.m. | 14 views

PT-2026-46903

All versions of the package decompress are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip when extracting a ZIP archive containing two entries with the same path - the first being a symlink to an arbitrary target and the second being a regular file - the file content is writte...

CVSS 6.4 | AI score 6.4 | EPSS 0.00528
Exploits: 0 | References: 4

vulnersOsv
added 2026/04/09 10:2 a.m. | 7 views

-llscw-react-cli (>=1.0.0 <=1.1.0-beta2), 002-node-cli (=1.0.0) +28672 more potentially affected by CVE-2020-12265 +1 more via decompress (>=0.1.10 <=4.2.1)

decompress NPM version =0.1.10, =1.0.0, =0.0.1, =0.0.4 - 1095h-cli =1.0.1 - 10secondsofcode-custom =1.0.0 and more Source cves: CVE-2020-12265, CVE-2026-10732 Source advisory: SNYK:JS-DECOMPRESS-16415209...

CVSS 9.8 | AI score 7.1 | EPSS 0.02174
Exploits: 1

RedhatCVE
added 2025/05/22 4:12 p.m. | 9 views

CVE-2020-12265

The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal...

CVSS 9.8 | AI score 6.7 | EPSS 0.02174
Exploits: 1

vulnersOsv
added 2020/09/03 9:16 p.m. | 4 views

08cms (=1.0.0), 17fe-template-cli (>=1.0.4 <=1.0.6) +8156 more potentially affected by CVE-2020-12265 via decompress (>=0.1.10 <=4.2.0)

decompress NPM version =0.1.10, =1.0.4, =1.0.3, =0.0.1, =1.0.0, =1.0.0, =1.1.0, =0.1.6, =1.0.0, =3.2.0, =3.6.0-rc.1 - @acidic9/slate-tools =1.0.0-beta.20 and more Source cves: CVE-2020-12265 Source advisory: OSV:GHSA-QGFR-5HQP-VRW9...

CVSS 9.8 | AI score 7.1 | EPSS 0.02174
Exploits: 1

NVD
added 2020/04/26 5:15 p.m. | 17 views

CVE-2020-12265

The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal...

CVSS 9.8 | AI score 9.4 | EPSS 0.02174
Exploits: 1 | References: 3

CVE
added 2020/04/26 4:46 p.m. | 119 views

CVE-2020-12265

The CVE-2020-12265 entry concerns the Node.js decompress package before version 4.2.1. Root cause: Directory Traversal via ../ in an archive member when a symlink is used, allowing Arbitrary File Write. Affected software: decompress (Node.js) prior to 4.2.1. Impact statements in the connected doc...

CVSS 9.8 | AI score 9.3 | EPSS 0.02174
Exploits: 1 | References: 3 | Affected Software: 1