52 matches found
EUVD-2021-1773
Malware in sbrugna...
EUVD-2023-0314
Malicious code in bioql PyPI...
Security Bulletin: Due to use of Apache Derby, IBM Operations Analytics - Log Analysis is affected by Improperly Controlled Modification
Summary Package jszip is used by IBM Operations Analytics - Log Analysis as compression in web interface for Apache Derby. CVE-2021-23413. Vulnerability Details CVEID:CVE-2021-23413 DESCRIPTION: This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object...
Linux Distros Unpatched Vulnerability : CVE-2021-23413
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g. __proto__, toString, etc.) results in a returne...
SUSE CVE-2022-48285
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...
Security Bulletin: Multiple vulnerabilities in IBM Tivoli Network Manager IP Edition (ITNM).
Summary Multiple vulnerabilities were addressed in ITNM version 4.2 Fix Pack 22 4.2.0.22 Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the...
Security Bulletin: IBM Planning Analytics Workspace is affected but not considered vulnerable to multiple vulnerabilities
Summary IBM Planning Analytics Workspace is affected but not classified as vulnerable to multiple vulnerabilities based on current information, in the following 3rd-party components: Node.js word-wrap CVE-2023-26115, Node.js semver CVE-2022-25883, Node.js dicer CVE-2022-24434, Redis...
Security Bulletin: IBM SPSS Analytic Server has addressed multiple security vulnerabilities (CVE-2022-48285, CVE-2022-48285)
Summary IBM SPSS Analytic Server has addressed multiple security vulnerabilities CVE-2022-48285, CVE-2022-48285 Vulnerability Details CVEID:CVE-2022-48285 DESCRIPTION: JSZip could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize filenames when files...
RHEL 8 : jszip (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - jszip: directory traversal via a crafted ZIP archive CVE-2022-48285 Note that Nessus has not tested for this issue...
Security Bulletin: There is a vulnerability in JSZip used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-48285)
Summary There is a vulnerability in JSZip used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-48285 DESCRIPTION: JSZip could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize filenames when file...
Security Bulletin: There is a vulnerability in JSZip used by IBM Maximo Asset Management (CVE-2022-48285)
Summary There is a vulnerability in JSZip used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2022-48285 DESCRIPTION: JSZip could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize filenames when files are loaded with loadAsync, which...
Security Bulletin: JSZip publicly disclosed vulnerability affects IBM Safer Payments (CVE-2022-48285)
Summary JSZip is used by IBM Safer Payments as part of the user interface. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-48285 DESCRIPTION: JSZip could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize filenames when fil...
Oracle Primavera Unifier (Apr 2023 CPU)
The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2023 CPU advisory. - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering component: Document Management FreeType. Supported versions...
Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote access due to JSZip X-Force ID: 244499
Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote access due to JSZip X-Force ID: 244499 with details below. Vulnerability Details IBM X-Force ID: 244499 DESCRIPTION: JSZip could allow a remote attacker to traverse directories on the system, caused by the failure ...
Directory Traversal
jszip is vulnerable to Directory Traversal. The vulnerability exists as untrusted user input is not properly validated and/or sanitized, allowing an attacker to exploit the vulnerability via a crafted ZIP archive...
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.
CVE-2022-48285
A flaw was found in the JSZip package. Affected versions of JSZip could allow a remote attacker to traverse directories on the system caused by the failure to sanitize filenames when files are loaded with loadAsync, which makes the library vulnerable to a Zip Slip attack. By extracting files from...
JSZip contains Path Traversal via loadAsync
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...
GHSA-36FH-84J7-CV5H JSZip contains Path Traversal via loadAsync
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...
-temp-electron-manager-somiibo (=0.0.200), 003-gas-convert (=1.0.1) +20149 more potentially affected by CVE-2022-48285 via jszip (>=0.2.1 <=3.7.1)
jszip NPM version =0.2.1, =0.2.13, =1.0.0, =4.3.4, =1.0.0, =1.0.4 - 3llm =0.0.1 - 3vot-clay =2.0.1 - 4xx =0.0.1 - 5-ifc-check-cli =1.0.0 and more Source cves: CVE-2022-48285 Source advisory: OSV:GHSA-36FH-84J7-CV5H...