10 matches found
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the @appium/support package
Summary: Due to the use of the @appium/support package, DevOps Test Performance and Rational Performance Tester contain a potential path traversal vulnerability, CVE-2026-30973. Vulnerability Details: CVEID: CVE-2026-30973 DESCRIPTION: Appium is an automation framework that provides WebDriver-based...
@appium/support has a Zip Slip arbitrary file write in its ZIP extraction
Summary: @appium/support contains a ZIP extraction implementation (extractAllTo via ZipExtractor.extract) with a path traversal (Zip Slip) check that is non-functional. The check at line 88 of packages/support/lib/zip.js creates an Error object but never throws it, allowing malicious ZIP entries with...
EUVD-2026-10709
@appium/support has a Zip Slip arbitrary file write in its ZIP extraction...
GHSA-RFX7-4XW3-GH4M @appium/support has a Zip Slip arbitrary file write in its ZIP extraction
Summary: @appium/support contains a ZIP extraction implementation (extractAllTo via ZipExtractor.extract) with a path traversal (Zip Slip) check that is non-functional. The check at line 88 of packages/support/lib/zip.js creates an Error object but never throws it, allowing malicious ZIP entries with...
Directory Traversal
Overview: @appium/support provides support libs used across Appium packages. Affected versions of this package are vulnerable to Directory Traversal in the extractAllTo function. An attacker can write arbitrary files outside the intended extraction directory by supplying a crafted ZIP archive containin...
CVE-2026-30973
Appium vulnerability CVE-2026-30973 affects the @appium/support ZIP extraction path. Before 7.0.6, the non-functional path-traversal check in extractAllTo() (ZipExtractor.extract()) creates an Error but never throws it, enabling malicious ZIP entries with ../ components to write outside the desti...
CVE-2026-30973 Zip Slip arbitrary file write in @appium/support ZIP extraction
Appium is an automation framework that provides WebDriver-based automation possibilities for a wide range of platforms. Prior to 7.0.6, @appium/support contains a ZIP extraction implementation (extractAllTo via ZipExtractor.extract) with a path traversal (Zip Slip) check that is non-functional. The chec...
CVE-2026-30973 Zip Slip arbitrary file write in @appium/support ZIP extraction
Appium is an automation framework that provides WebDriver-based automation possibilities for a wide range of platforms. Prior to 7.0.6, @appium/support contains a ZIP extraction implementation (extractAllTo via ZipExtractor.extract) with a path traversal (Zip Slip) check that is non-functional. The chec...
CVE-2026-30973 Zip Slip arbitrary file write in @appium/support ZIP extraction
Appium is an automation framework that provides WebDriver-based automation possibilities for a wide range of platforms. Prior to 7.0.6, @appium/support contains a ZIP extraction implementation (extractAllTo via ZipExtractor.extract) with a path traversal (Zip Slip) check that is non-functional. The chec...
PT-2026-24342
Name of the Vulnerable Software and Affected Versions: Appium versions prior to 7.0.6. Description: Appium, an automation framework, has an issue in its ZIP extraction implementation within the @appium/support package. The path traversal (Zip Slip) check in extractAllTo via ZipExtractor.extract is...