54 matches found
GHSA-JG8V-48H5-WGXG jszip Vulnerable to Prototype Pollution
This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values e.g proto, toString, etc results in a returned object with a modified prototype instance...
CVE-2021-23413
A flaw was found in JSZip. Crafting a new zip file with filenames set to Object prototype values ex. proto, toString, etc. results in a returned object with a modified prototype instance. The highest threat from this vulnerability is to system availability...
CVE-2021-23413
This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values e.g proto, toString, etc results in a returned object with a modified prototype instance...
CVE-2021-23413
This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values e.g proto, toString, etc results in a returned object with a modified prototype instance...
DEBIAN-CVE-2021-23413
This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values e.g proto, toString, etc results in a returned object with a modified prototype instance...
CVE-2021-23413
This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values e.g proto, toString, etc results in a returned object with a modified prototype instance...
UBUNTU-CVE-2021-23413
This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values e.g proto, toString, etc results in a returned object with a modified prototype instance...
CVE-2021-23413 Denial of Service (DoS)
This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values e.g proto, toString, etc results in a returned object with a modified prototype instance...
CVE-2021-23413
CVE-2021-23413 affects jszip before 3.7.0. Crafting a ZIP with filenames equal to Object prototype properties (e.g., proto , toString) yields a returned object with a modified prototype. The connected IBM document confirms the CVE and description but provides no explicit remediation or patch vers...
CVE-2021-23413
This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values e.g proto, toString, etc results in a returned object with a modified prototype instance...
CVE-2021-23413
This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values e.g proto, toString, etc results in a returned object with a modified prototype instance...
jszip 安全漏洞
jszip is a JavaScript library for creating, reading and editing .zip files. A security vulnerability exists in jszip versions prior to 3.7.0, which stems from the fact that when a new zip file is created with the filename set to an object prototype value, an object with a modified instance of the...
-temp-electron-manager-somiibo (=0.0.200), 003-gas-convert (=1.0.1) +18279 more potentially affected by CVE-2021-23413 via jszip (>=3.0.0 <=3.6.0)
jszip NPM version =3.0.0, =0.2.13, =4.3.4, =1.0.0, =1.0.26, =1.0.46 - 66in-components =1.1.181 - 66in-utils =1.0.78 and more Source cves: CVE-2021-23413 Source advisory: SNYK:JS-JSZIP-1251497...
Denial of Service (DoS)
Overview jszip is a Create, read and edit .zip files with JavaScript http://stuartk.com/jszip Affected versions of this package are vulnerable to Denial of Service DoS. Crafting a new zip file with filenames set to Object prototype values e.g proto, toString, etc results in a returned object with...