We found results for “”
WS-2020-0044
Good to know:
Date: March 8, 2020
decompress in all its versions is vulnerable to arbitrary file write. the package fails to prevent an extraction of files with relative paths which allows attackers to write to any folder in the system.
Language: JS
Severity Score
Severity Score
Weakness Type (CWE)
Path Traversal
CWE-22Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | HIGH |
Availability (A): | NONE |