0.004 Low
EPSS
Percentile
73.5%
zip-local is vulnerable to arbitrary file write (aka) zip-slip vulnerability. The unsynchronously unzipping leads to extraction of a malicious file outside the intended extraction directory.
github.com/Mostafa-Samir/zip-local/blob/master/main.js#L365
github.com/Mostafa-Samir/zip-local/blob/master/main.js%23L365
github.com/Mostafa-Samir/zip-local/commit/949446a95a660c0752b1db0c654f0fd619ae6085