decompress is vulnerable to path traversal. The vulnerability exists due to a zip slip vulnerability. Improper handling of archives containing files that has ../
in its names allows the files to be written out of the intended path.
CPE | Name | Operator | Version |
---|---|---|---|
decompress | le | 4.2.0 | |
decompress | eq | 2.1.1 | |
decompress | le | 0.2.4-1 |