Lucene search
K

4 matches found

vulnersOsv
vulnersOsv
added 2022/02/01 12:46 a.m.10 views

@webiny/api-page-builder (>=0.0.0-mt-1 <=5.21.0-beta.0), @webiny/api-page-builder-import-export (>=0.0.0-mt-1 <=5.21.0-beta.0) +5 more potentially affected by CVE-2021-23484 via zip-local (=0.3.4)

zip-local NPM version =0.3.4 is affected by a known vulnerability. The following packages have a transitive dependency on zip-local and may be impacted: - @webiny/api-page-builder =0.0.0-mt-1, =0.0.0-mt-1, =0.0.0-mt-1, =0.0.0-mt-1, =0.0.0-mt-1, =0.1.0, =0.0.2, =0.0.7 Source cves: CVE-2021-23484...

9.8CVSS7.2AI score0.0205EPSS
Exploits1
NVD
NVD
added 2022/01/28 10:15 p.m.17 views

CVE-2021-23484

The package zip-local before 0.3.5 are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip which can lead to an extraction of a crafted file outside the intended extraction directory...

9.8CVSS0.0205EPSS
Exploits1References3
OSV
OSV
added 2022/01/28 10:15 p.m.15 views

CVE-2021-23484

The package zip-local before 0.3.5 are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip which can lead to an extraction of a crafted file outside the intended extraction directory...

9.8CVSS9.3AI score
Exploits0References3
Cvelist
Cvelist
added 2022/01/28 9:31 p.m.20 views

CVE-2021-23484 Arbitrary File Write via Archive Extraction (Zip Slip)

The package zip-local before 0.3.5 are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip which can lead to an extraction of a crafted file outside the intended extraction directory...

9.8CVSS9.6AI score0.0205EPSS
Exploits1References3
Rows per page
Query Builder