Lucene search
K

54 matches found

OSV
OSV
added 2023/01/29 6:30 a.m.31 views

GHSA-36FH-84J7-CV5H JSZip contains Path Traversal via loadAsync

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...

7.3CVSS6.9AI score0.01411EPSS
Exploits0References7
NVD
NVD
added 2023/01/29 5:15 a.m.23 views

CVE-2022-48285

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...

7.3CVSS7AI score0.01411EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2023/01/29 5:15 a.m.1 views

CVE-2022-48285

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...

7.3CVSS7.1AI score0.01411EPSS
Exploits0References6
OSV
OSV
added 2023/01/29 5:15 a.m.8 views

AZL-57076 CVE-2022-48285 affecting package beust-jcommander 2.0-1

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...

7.3CVSS7.2AI score0.01411EPSS
Exploits0References1
OSV
OSV
added 2023/01/29 5:15 a.m.10 views

AZL-38236 CVE-2022-48285 affecting package mozjs for versions less than 102.15.1-1

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...

7.3CVSS7.2AI score0.01411EPSS
Exploits0References1
Prion
Prion
added 2023/01/29 5:15 a.m.29 views

Directory traversal

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...

7.5CVSS6.8AI score0.01411EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/01/29 5:15 a.m.2 views

UBUNTU-CVE-2022-48285

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...

7.3CVSS7.2AI score0.01411EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2023/01/29 5:15 a.m.27 views

CVE-2022-48285

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...

7.3CVSS7.1AI score0.01411EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/01/29 12:0 a.m.25 views

CVE-2022-48285

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...

7.2AI score0.01411EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/01/29 12:0 a.m.3 views

jszip 路径遍历漏洞

jszip is a JavaScript library for creating, reading and editing .zip files. A security vulnerability exists in jszip versions prior to 3.8.0, which stems from allowing directory traversal through a crafted ZIP archive...

7.3CVSS7.9AI score0.01411EPSS
Exploits0References6
OSV
OSV
added 2023/01/29 12:0 a.m.26 views

CVE-2022-48285

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...

7.3CVSS6.9AI score0.01411EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2023/01/29 12:0 a.m.22 views

CVE-2022-48285

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...

6.6AI score0.01411EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2023/01/29 12:0 a.m.32 views

CVE-2022-48285

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...

7.3CVSS7.6AI score0.01411EPSS
Exploits0
CVE
CVE
added 2023/01/29 12:0 a.m.230 views

CVE-2022-48285

CVE-2022-48285 affects JSZip: the loadAsync function in JSZip before 3.8.0 can be exploited to perform a directory traversal via crafted ZIP archives, enabling access to files outside the target directory. Remediation: upgrade to JSZip 3.8.0 or later, which fixes the issue.

7.3CVSS6.8AI score0.01411EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/04/14 12:0 a.m.9 views

The vulnerability of the Jszip zip file processing library, related to improper code generation, allows a hacker to cause a service failure.

The vulnerability of the Jszip zip file processing library is related to incorrect handling of file names. Exploiting this vulnerability allows a remote attacker to cause service interruptions...

5.3CVSS6.3AI score0.03307EPSS
Exploits1References9Affected Software3
Positive Technologies
Positive Technologies
added 2022/03/30 12:0 a.m.3 views

PT-2022-6761 · Jszip +1 · Jszip +1

Name of the Vulnerable Software and Affected Versions: JSZip versions prior to 3.8.0 Description: The issue is related to the loadAsync function in JSZip, which allows directory traversal via a crafted ZIP archive. This can be exploited by a remote attacker to write arbitrary files and execute...

7.5CVSS9.1AI score0.01411EPSS
Exploits0References21
Node.js
Node.js
added 2021/08/10 4:10 p.m.71 views

Prototype Pollution

Overview Affected versions of jszip have a prototype pollution vulnerability. Crafting a new zip file with filenames set to Object prototype values e.g proto, toString, etc results in a returned object with a modified prototype instance. Recommendation Upgrade to version 3.7.0 or later References...

5CVSS3.6AI score0.03307EPSS
Exploits1Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/10 4:2 p.m.48 views

jszip Vulnerable to Prototype Pollution

This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values e.g proto, toString, etc results in a returned object with a modified prototype instance...

5.3CVSS5.8AI score0.03307EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2021/08/10 4:2 p.m.34 views

GHSA-JG8V-48H5-WGXG jszip Vulnerable to Prototype Pollution

This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values e.g proto, toString, etc results in a returned object with a modified prototype instance...

5.3CVSS5.3AI score0.03307EPSS
Exploits1References8
vulnersOsv
vulnersOsv
added 2021/08/10 4:2 p.m.5 views

1st-20200429 (=1.1.0), 3vot-clay (=2.0.1) +1817 more potentially affected by CVE-2021-23413 via jszip (>=0.2.1 <=2.6.1)

jszip NPM version =0.2.1, =0.3.1, =4.0.1, =1.0.2, =1.0.0, =1.0.1, =1.4.11-bleeding.0, =0.0.1, =1.0.0, =2.5.1, =0.0.1, =0.1.2 and more Source cves: CVE-2021-23413 Source advisory: OSV:GHSA-JG8V-48H5-WGXG...

5.3CVSS6.3AI score0.03307EPSS
Exploits1
Rows per page
Query Builder