2 matches found
ROOT-APP-NPM-CVE-2026-32630 CVE-2026-32630 in @rootio/file-type - Patched by Root
Root has patched CVE-2026-32630 in the @rootio/file-type package for Root:npm. Multiple fixed versions available...
CVE-2026-32630 file-type affected by ZIP Decompression Bomb DoS via [Content_Types].xml entry
file-type detects the file type of a file, stream, or data. From 20.0.0 to 21.3.1, a crafted ZIP file can trigger excessive memory growth during type detection in file-type when using fileTypeFromBuffer, fileTypeFromBlob, or fileTypeFromFile. The ZIP inflate output limit is enforced for...