cthackers/adm-zip

Releases40

Frequency1 month 2 weeks

Last Release 2 months ago

Stars2.17K

A Javascript implementation of zip for nodejs. Allows user to create or extract zip files both in memory or to/from disk

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2018-1002204 ↗	Jul 25, 2018Wednesday, 25 July 2018, 17:29	5.5 MEDIUM	4.3 MEDIUM
adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.