loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/244499 | Third Party Advisory VDB Entry |
https://github.com/Stuk/jszip/commit/2edab366119c9ee948357c02f1206c28566cdf15 | Patch Third Party Advisory |
https://github.com/Stuk/jszip/compare/v3.7.1...v3.8.0 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20240621-0005/ | |
https://www.mend.io/vulnerability-database/WS-2023-0004 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-01-29T00:00:00
Updated: 2024-06-21T19:08:52.646609
Reserved: 2023-01-29T00:00:00
Link: CVE-2022-48285
JSON object: View
NVD Information
Status : Modified
Published: 2023-01-29T05:15:10.070
Modified: 2024-06-21T19:15:24.193
Link: CVE-2022-48285
JSON object: View
Redhat Information
No data.
CWE