Lucene search
+L

13 matches found

CVE
CVE
added 5 days ago65 views

CVE-2026-53486

The CVE affects the Node.js decompress package used for archive extraction. Before versions 10.2.1 and 11.1.3, crafted archives could read or write files outside the target directory due to: hardlink and symlink entries being created without proper target checks; path containment validated by a s...

9.1CVSS6.1AI score0.00588EPSS
Exploits0References7
OSV
OSV
added 5 days ago3 views

ROOT-APP-NPM-CVE-2026-53486 CVE-2026-53486 in @rootio/xhmikosr__decompress - Patched by Root

Root has patched CVE-2026-53486 in the @rootio/xhmikosrdecompress package for Root:npm. Multiple fixed versions available...

9.1CVSS6.1AI score0.00588EPSS
Exploits0
Snyk
Snyk
added 2026/07/10 12:30 a.m.7 views

Symlink Attack

Overview decompress is a package that can be used for extracting archives. Affected versions of this package are vulnerable to Symlink Attack in the symlink handling process. An attacker can create arbitrary symbolic links outside the intended extraction directory by crafting an archive with...

7.5CVSS6.2AI score0.00501EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/10 12:30 a.m.17 views

Directory Traversal

Overview decompress is a package that can be used for extracting archives. Affected versions of this package are vulnerable to Directory Traversal via improper validation in the safeMakeDir function and extraction path validation process. An attacker can write arbitrary files outside the intended...

8.7CVSS6.5AI score0.00268EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/06 8:27 p.m.6 views

Directory Traversal

Overview org.webjars.npm:decompress is a package that can be used for extracting archives. Affected versions of this package are vulnerable to Directory Traversal and link following during archive extraction, where symlink and hardlink entries are created without checking their targets and the...

9.1CVSS6.5AI score0.00588EPSS
Exploits0References4
CVE
CVE
added 2026/06/05 5:0 a.m.30 views

CVE-2026-10732

CVE-2026-10732 affects the decompress family (e.g., org.webjars.npm:decompress, decompress) with Zip Slip. All versions are vulnerable when extracting a ZIP containing two entries of the same path: the first a symlink to an arbitrary target and the second a regular file. due to microtask processi...

7.5CVSS6.5AI score0.00521EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-1238

Malware in sbrugna...

9.8CVSS8.6AI score0.02147EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/05/22 4:12 p.m.11 views

CVE-2020-12265

The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal...

9.8CVSS6.7AI score0.02147EPSS
Exploits1
OSV
OSV
added 2020/09/03 9:16 p.m.16 views

GHSA-QGFR-5HQP-VRW9 Path Traversal in decompress

Versions of decompress prior to 4.2.1 are vulnerable to Arbitrary File Write. The package fails to prevent extraction of files with relative paths, allowing attackers to write to any folder in the system by including filenames containing../. Recommendation Upgrade to version 4.2.1 or later...

9.8CVSS7.1AI score0.02147EPSS
Exploits1References5
CNVD
CNVD
added 2020/04/27 12:0 a.m.3 views

decompress package path traversal vulnerability

decompress package is a decompression package. A path traversal vulnerability exists in decompress package versions prior to 4.2.1 Node.js. This vulnerability can be exploited to write arbitrary files with the help of the '... /' string to write arbitrary files...

9.8CVSS6.9AI score0.02147EPSS
Exploits1References1
Prion
Prion
added 2020/04/26 5:15 p.m.22 views

Directory traversal

The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal...

7.5CVSS9.3AI score0.02147EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2020/04/26 4:46 p.m.30 views

CVE-2020-12265

The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal...

9.5AI score0.02147EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2020/04/26 12:0 a.m.19 views

PT-2020-13083

Name of the Vulnerable Software and Affected Versions decompress versions prior to 4.2.1 Description The issue allows for Arbitrary File Write via ../ in an archive member when a symlink is used, due to Directory Traversal. This occurs because the package fails to prevent extraction of files with...

9.8CVSS7.5AI score0.02147EPSS
Exploits1References11
Rows per page
Query Builder