54 matches found
JSZip contains Path Traversal via loadAsync
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...
AZL-57076 CVE-2022-48285 affecting package beust-jcommander 2.0-1
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...
CVE-2022-48285
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...
CVE-2022-48285
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...
AZL-38236 CVE-2022-48285 affecting package mozjs for versions less than 102.15.1-1
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...
CVE-2022-48285
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...
Directory traversal
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...
CVE-2022-48285
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...
UBUNTU-CVE-2022-48285
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...
CVE-2022-48285
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...
CVE-2022-48285
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...
jszip Path Traversal Vulnerability
jszip is a JavaScript library for creating, reading and editing .zip files. A security vulnerability exists in jszip versions prior to 3.8.0, which stems from allowing directory traversal through a crafted ZIP archive...
CVE-2022-48285
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...
CVE-2022-48285
CVE-2022-48285 affects JSZip: the loadAsync function in JSZip before 3.8.0 can be exploited to perform a directory traversal via crafted ZIP archives, enabling access to files outside the target directory. Remediation: upgrade to JSZip 3.8.0 or later, which fixes the issue.
The vulnerability of the Jszip zip file processing library, related to improper code generation, allows a hacker to cause a service failure.
The vulnerability of the Jszip zip file processing library is related to incorrect handling of file names. Exploiting this vulnerability allows a remote attacker to cause service interruptions...
PT-2022-6761 · Jszip +1 · Jszip +1
Name of the Vulnerable Software and Affected Versions: JSZip versions prior to 3.8.0. Description: The issue is related to the loadAsync function in JSZip, which allows directory traversal via a crafted ZIP archive. This can be exploited by a remote attacker to write arbitrary files and execute...
Prototype Pollution
Overview: Affected versions of jszip have a prototype pollution vulnerability. Crafting a new zip file with filenames set to Object prototype values (e.g. __proto__, toString, etc.) results in a returned object with a modified prototype instance. Recommendation: Upgrade to version 3.7.0 or later. References...
1st-20200429 (=1.1.0), 3vot-clay (=2.0.1) +1818 more potentially affected by CVE-2021-23413 via jszip (>=0.2.1 <=2.6.1)
jszip NPM version =0.2.1, =0.3.1, =4.0.1, =1.0.2, =1.0.0, =1.0.1, =1.4.11-bleeding.0, =0.0.1, =1.0.0, =2.5.1, =0.0.1, =0.1.2 and more Source cves: CVE-2021-23413 Source advisory: OSV:GHSA-JG8V-48H5-WGXG...
-temp-electron-manager-somiibo (=0.0.200), 003-gas-convert (=1.0.1) +18279 more potentially affected by CVE-2021-23413 via jszip (>=3.0.0 <=3.6.0)
jszip NPM version =3.0.0, =0.2.13, =4.3.4, =1.0.0, =1.0.26, =1.0.46 - 66in-components =1.1.181 - 66in-utils =1.0.78 and more Source cves: CVE-2021-23413 Source advisory: OSV:GHSA-JG8V-48H5-WGXG...
jszip Vulnerable to Prototype Pollution
This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g. __proto__, toString, etc.) results in a returned object with a modified prototype instance...