CVE-2022-48285: JSZip contains Path Traversal via loadAsync
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.
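As an added example (not code from JSZip or from this advisory), the check below shows how an application that extracts archives can validate entry names itself before writing any file, as a second layer alongside upgrading to 3.8.0 or later. The function names and the sample entry names are constructed for illustration.

```javascript
// Added example: validate ZIP entry names before extraction.
// Function names and sample data are constructed, not taken from JSZip.

// Returns a normalized relative path for an archive entry name,
// or null if the name would resolve outside the extraction root.
function safeEntryPath(entryName) {
  if (typeof entryName !== "string" || entryName.length === 0) return null;
  if (entryName.includes("\0")) return null;
  // Treat backslashes as separators so Windows-style names are checked too.
  const unified = entryName.replace(/\\/g, "/");
  // Reject absolute paths and drive-letter paths outright.
  if (unified.startsWith("/") || /^[A-Za-z]:/.test(unified)) return null;
  const out = [];
  for (const seg of unified.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") {
      if (out.length === 0) return null; // would climb above the root
      out.pop();
    } else {
      out.push(seg);
    }
  }
  return out.length > 0 ? out.join("/") : null;
}

// Splits a list of entry names into safe normalized paths and rejected names.
function partitionEntries(names) {
  const accepted = [];
  const rejected = [];
  for (const name of names) {
    const p = safeEntryPath(name);
    if (p === null) rejected.push(name); else accepted.push(p);
  }
  return { accepted, rejected };
}

const SAMPLE_ENTRIES = [ // constructed entry names
  "docs/readme.txt",
  "docs/../notes.txt",
  "../outside.txt",
  "a/../../outside.txt",
  "..\\outside.txt",
  "/abs/file.txt",
  "C:\\abs\\file.txt",
];
console.log(partitionEntries(SAMPLE_ENTRIES));
```

Join each accepted path onto the extraction directory only after this check, and log rejected names so that a crafted archive is visible to whoever reviews the upload.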
References
- exchange.xforce.ibmcloud.com/vulnerabilities/244499
- github.com/Stuk/jszip
- github.com/Stuk/jszip/commit/2edab366119c9ee948357c02f1206c28566cdf15
- github.com/Stuk/jszip/compare/v3.7.1...v3.8.0
- github.com/advisories/GHSA-36fh-84j7-cv5h
- nvd.nist.gov/vuln/detail/CVE-2022-48285
- security.netapp.com/advisory/ntap-20240621-0005
- www.mend.io/vulnerability-database/WS-2023-0004