EUVD-2022-1241

Malicious code in bioql PyPI...

Exposure of Resource to Wrong Sphere in Zip-Local

The package zip-local before 0.3.5 are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip which can lead to an extraction of a crafted file outside the intended extraction directory...

GHSA-WXJ7-97FP-J53J Exposure of Resource to Wrong Sphere in Zip-Local

The package zip-local before 0.3.5 are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip which can lead to an extraction of a crafted file outside the intended extraction directory...

@webiny/api-page-builder (>=0.0.0-mt-1 <=5.21.0-beta.0), @webiny/api-page-builder-import-export (>=0.0.0-mt-1 <=5.21.0-beta.0) +5 more potentially affected by CVE-2021-23484 via zip-local (=0.3.4)

zip-local NPM version =0.3.4 is affected by a known vulnerability. The following packages have a transitive dependency on zip-local and may be impacted: - @webiny/api-page-builder =0.0.0-mt-1, =0.0.0-mt-1, =0.0.0-mt-1, =0.0.0-mt-1, =0.0.0-mt-1, =0.1.0, =0.0.2, =0.0.7 Source cves: CVE-2021-23484...

Arbitrary File Write

zip-local is vulnerable to arbitrary file write aka zip-slip vulnerability. The unsynchronously unzipping leads to extraction of a malicious file outside the intended extraction directory...

Directory traversal

The package zip-local before 0.3.5 are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip which can lead to an extraction of a crafted file outside the intended extraction directory...

CVE-2021-23484

The CVE-2021-23484 entry concerns the zip-local package prior to version 0.3.5, vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip). The issue enables extraction of crafted files outside the intended directory during archive extraction. This is documented across multiple sources ...

zip-local 路径遍历漏洞

Zip-Local is a very simple compression /Uzipping local files and directories in nodes .Js by Mostafa Samir Personal Developer. A security vulnerability exists in versions of zip-local prior to 0.3.5, which allows for arbitrary file write attacks...

PT-2022-9401 · Zip-Local · Zip-Local

Name of the Vulnerable Software and Affected Versions: zip-local versions prior to 0.3.5 Description: The issue allows for Arbitrary File Write via Archive Extraction, also known as Zip Slip, which can lead to the extraction of a crafted file outside the intended extraction directory. This can...

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview zip-local is a to zip and unzip local directories Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip which can lead to an extraction of a crafted file outside the intended extraction directory. PoC: js var zipper = require'zip-local';...

@webiny/api-page-builder (>=0.0.0-mt-1 <=5.21.0-beta.0), @webiny/api-page-builder-import-export (>=0.0.0-mt-1 <=5.21.0-beta.0) +5 more potentially affected by CVE-2021-23484 via zip-local (=0.3.4)

zip-local NPM version =0.3.4 is affected by a known vulnerability. The following packages have a transitive dependency on zip-local and may be impacted: - @webiny/api-page-builder =0.0.0-mt-1, =0.0.0-mt-1, =0.0.0-mt-1, =0.0.0-mt-1, =0.0.0-mt-1, =0.1.0, =0.0.2, =0.0.7 Source cves: CVE-2021-23484...

in mostafa-samir/zip-local

Description zip-local is vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. Proof of Concept // PoC.js var zipper = require'zip-local'; zipper.unzip"zipslip.zip", functionerror, unzipped if!error // extract to the current working directory unzipped.savenull, function ; var...