Advisories for Npm/Decompress-Zip package

2020

Arbitrary File Overwrite in decompress-zip

Vulnerable versions of decompress-zip are affected by the Zip-Slip vulnerability, an arbitrary file write vulnerability. The vulnerability occurs because decompress-zip does not verify that extracted files do not resolve to targets outside of the extraction root directory. For decompress-zip upgrade to or later. For decompress-zip upgrade to or later.