23 matches found
CVE-2026-39244
A flaw was found in adm-zip. A remote attacker can exploit this vulnerability by providing a specially crafted ZIP file. The file's header can be manipulated to declare an extremely large uncompressed size, causing the application to allocate an excessive amount of memory. This excessive memory...
EUVD-2026-42960
adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulated uncompressed size header field. In zipEntry.js line 103, Buffer.alloccentralHeader.size allocates memory based on the declared uncompressed size from the ZIP central directory header without...
Allocation of Resources Without Limits or Throttling
Overview org.webjars.npm:adm-zip is a JavaScript implementation for zip data compression for NodeJS. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in zipEntry.js and entryHeader.js, which size a Buffer.alloc call directly from the...
Allocation of Resources Without Limits or Throttling
Overview adm-zip is a JavaScript implementation for zip data compression for NodeJS. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in zipEntry.js and entryHeader.js, which size a Buffer.alloc call directly from the uncompressed-size field...
CVE-2026-39244
adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulated uncompressed size header field. In zipEntry.js line 103, Buffer.alloccentralHeader.size allocates memory based on the declared uncompressed size from the ZIP central directory header without...
PT-2026-57215
Name of the Vulnerable Software and Affected Versions adm-zip versions prior to 0.5.18 Description A denial-of-service issue exists when parsing crafted ZIP files with a manipulated uncompressed size header field. The library allocates memory based on the declared uncompressed size from the ZIP...
CVE-2026-39244
The CVE-2026-39244 entry concerns adm-zip before 0.5.18 and describes a denial-of-service vulnerability triggered by a crafted ZIP file with a manipulated uncompressed size header. The root cause is that zipEntry.js allocates memory using Buffer.alloc(_centralHeader.size) based on the uncompresse...
CVE-2026-39244
adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulated uncompressed size header field. In zipEntry.js line 103, Buffer.alloccentralHeader.size allocates memory based on the declared uncompressed size from the ZIP central directory header without...
CVE-2026-32719 AnythingLLM has a Zip Slip Path Traversal and Code Execution via Community Hub Plugin Import
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The ImportedPlugin.importCommunityItemFromUrl function in server/utils/agents/imported.js downloads a ZIP file from a community hub URL and extracts i...
EUVD-2018-0219
Malicious code in bioql PyPI...
K64709522: Multiple Zip Slip vulnerabilities
Security Advisory Description CVE-2018-1002200 plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
Directory Traversal
adm-zip is vulnerable to directory traversal. The vulnerability exists due to the function extractAllTo allowing the extractions of files to a different folder...
Arbitrary File Write
Overview Versions of adm-zip before 0.4.9 are vulnerable to arbitrary file write when used to extract a specifically crafted archive that contains path traversal filenames ../../file.txt for example. Recommendation Update to version 0.4.9 or later. References - GitHub Pull Request - Zip Slip...
Arbitrary File Write via Archive Extraction
Overview Versions of adm-zip before 0.4.9 are vulnerable to arbitrary file write when used to extract a specifically crafted archive that contains path traversal filenames ../../file.txt for example. Recommendation Update to version 0.4.9 or later. References - GitHub Pull Request - Zip Slip...
The vulnerability of the extractDir function in the Node.js library for working with zip files (Adm-zip), which allows a hacker to execute arbitrary code.
The vulnerability of the extractDir function in the Node.js library for working with zip files in the Adm-zip library is related to an incorrect limitation on the path name of the directory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially...
@lowzonenose/jsonp (>=0.0.1 <=0.0.3), @magnolia/cli (>=3.0.5 <=3.0.6) +184 more potentially affected by CVE-2018-1002204 via adm-zip (>=0.1.4 <=0.4.10)
adm-zip NPM version =0.1.4, =0.0.1, =3.0.5, =0.4.0, =0.1.3, =0.0.2, =0.0.4, =0.0.9, =0.10.0, =0.3.5, =1.0.13, =0.4.0, =0.1.0, =0.1.1 - attester =2.5.3 and more Source cves: CVE-2018-1002204 Source advisory: OSV:GHSA-3V6H-HQM4-2RG6...
GHSA-3V6H-HQM4-2RG6 Arbitrary File Write in adm-zip
Versions of adm-zip before 0.4.9 are vulnerable to arbitrary file write when used to extract a specifically crafted archive that contains path traversal filenames ../../file.txt for example. Recommendation Update to version 0.4.9 or later...
Arbitrary File Write in adm-zip
Versions of adm-zip before 0.4.9 are vulnerable to arbitrary file write when used to extract a specifically crafted archive that contains path traversal filenames ../../file.txt for example. Recommendation Update to version 0.4.9 or later...
ADM-ZIP Directory Traversal Vulnerability
adm-zip npm library is a Node.js-based JavaScript implementation that allows users to create, extract zip files in memory or on disk. A directory traversal vulnerability exists in versions of adm-zip npm library prior to 0.4.9. An attacker can exploit this vulnerability to write arbitrary files...
Directory traversal
adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...