Home > Vulnerability Database > WS-2020-0044

Mend.io Vulnerability Database

WS-2020-0044

Good to know:

Date: March 8, 2020

decompress in all its versions is vulnerable to arbitrary file write. the package fails to prevent an extraction of files with relative paths which allows attackers to write to any folder in the system.

Language: JS

Severity Score

7.5

Related Resources (2)

Url: https://github.com/kevva/decompress/issues/71

Url: https://www.mend.io/vulnerability-database/WS-2020-0044

Severity Score

7.5

Weakness Type (CWE)

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version 4.2.1

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2020-0044

Good to know:

Date: March 8, 2020

Language: JS

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?