Lucene search
+L

10 matches found

redhatcve
redhatcve
added 2025/10/11 5:42 a.m.17 views

CVE-2025-11569

All versions of the package cross-zip are vulnerable to Directory Traversal via consecutive usage of zipSync and unzipSync functions that allow arguments such as dirname. An attacker can access system files by selectively doing zip/unzip operations...

8.7CVSS6.9AI score
Exploits0References1
euvd
euvd
added 2025/10/10 6:30 a.m.6 views

EUVD-2025-33658

cross-zip is vulnerable to Directory Traversal through selective use of zip/unzip operations...

8.7CVSS6.4AI score
Exploits0References4
osv
osv
added 2025/10/10 6:30 a.m.2 views

GHSA-GJ5F-73VH-WPF7 Withdrawn Advisory: cross-zip is vulnerable to Directory Traversal through selective use of zip/unzip operations

Withdrawn Advisory This advisory has been withdrawn because it does not discuss a valid vulnerability. This link is maintained to preserve external references. Original Description All versions of the package cross-zip are vulnerable to Directory Traversal via consecutive usage of zipSync and...

5.8AI score
Exploits0References5
github
github
added 2025/10/10 6:30 a.m.9 views

Withdrawn Advisory: cross-zip is vulnerable to Directory Traversal through selective use of zip/unzip operations

Withdrawn Advisory This advisory has been withdrawn because it does not discuss a valid vulnerability. This link is maintained to preserve external references. Original Description All versions of the package cross-zip are vulnerable to Directory Traversal via consecutive usage of zipSync and...

6.7AI score
Exploits0References5Affected Software1
nvd
nvd
added 2025/10/10 5:15 a.m.11 views

CVE-2025-11569

Rejected reason: This record was withdrawn by its CNA; further investigation revealed it was not a security issue...

Exploits0
cve
cve
added 2025/10/10 5:0 a.m.19 views

CVE-2025-11569

The connected data identifies a concrete vulnerability in the cross-zip JavaScript package. A Directory Traversal flaw exists when repeatedly using zipSync() and unzipSync() with arguments such as __dirname, allowing an attacker to access host system files. Red Hat lists all versions of cross-zip...

6.6AI score
Exploits0
cvelist
cvelist
added 2025/10/10 5:0 a.m.12 views

CVE-2025-11569

...

Exploits0
vulnrichment
vulnrichment
added 2025/10/10 5:0 a.m.4 views

CVE-2025-11569

...

6.3AI score
Exploits0
cnnvd
cnnvd
added 2025/10/10 12:0 a.m.7 views

编号撤回

cross-zip is a cross-platform zip file creation tool by the individual developer Feross Aboukhadijeh. This CVE number has been withdrawn...

6.6AI score
Exploits0References3
ptsecurity
ptsecurity
added 2025/10/10 12:0 a.m.7 views

PT-2025-41501

Name of the Vulnerable Software and Affected Versions cross-zip affected versions not specified Description The cross-zip JavaScript package, used for zipping and unzipping files in Node.js environments, is susceptible to a directory traversal issue. This arises from improper handling of...

8.7CVSS6.2AI score
Exploits0References11
Rows per page
Query Builder