adm-zip is vulnerable to arbitrary file write. The application does not properly validate the destination filepath during compressed file extraction, allowing a malicious user to overwrite files in the target directory.
CPE | Name | Operator | Version |
---|---|---|---|
adm-zip | le | 0.4.7 | |
adm-zip | eq | 0.4.4 | |
adm-zip-mit | le | 0.4.9 | |
adm-zip-iconv | le | 0.4.9 | |
adm-zip-electron | eq | 0.4.7 | |
adm-zip-with-enc | le | 0.4.8 |