Withdrawn Advisory: cross-zip is vulnerable to Directory Traversal through selective use of zip/unzip operations
Withdrawn Advisory This advisory has been withdrawn because it does not discuss a valid vulnerability. This link is maintained to preserve external references. Original Description All versions of the package cross-zip are vulnerable to Directory Traversal via consecutive usage of zipSync() and unzipSync () functions that allow arguments such as __dirname. An attacker can access system files by selectively doing zip/unzip operations.