CVE-2022-48285
JSZip contains Path Traversal via loadAsync in npm/jszip
Identifiers
CVE-2022-48285, GHSA-36fh-84j7-cv5h
Package Slug
npm/jszip
Vulnerability
JSZip contains Path Traversal via loadAsync
Description
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.
Affected Versions
All versions before 3.8.0
Solution
Upgrade to version 3.8.0 or above.
Last Modified
2023-02-02
| source |