4 matches found
@webiny/api-page-builder (>=0.0.0-mt-1 <=5.21.0-beta.0), @webiny/api-page-builder-import-export (>=0.0.0-mt-1 <=5.21.0-beta.0) +5 more potentially affected by CVE-2021-23484 via zip-local (=0.3.4)
zip-local NPM version =0.3.4 is affected by a known vulnerability. The following packages have a transitive dependency on zip-local and may be impacted: - @webiny/api-page-builder =0.0.0-mt-1, =0.0.0-mt-1, =0.0.0-mt-1, =0.0.0-mt-1, =0.0.0-mt-1, =0.1.0, =0.0.2, =0.0.7 Source cves: CVE-2021-23484...
CVE-2021-23484
The package zip-local before 0.3.5 are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip which can lead to an extraction of a crafted file outside the intended extraction directory...
CVE-2021-23484
The package zip-local before 0.3.5 are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip which can lead to an extraction of a crafted file outside the intended extraction directory...
CVE-2021-23484 Arbitrary File Write via Archive Extraction (Zip Slip)
The package zip-local before 0.3.5 are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip which can lead to an extraction of a crafted file outside the intended extraction directory...