GHSA-6jrj-vc65-c983: unzip-stream allows Arbitrary File Write via artifact extraction
When using the Extract() method of unzip-stream, a malicious zip file could write to paths outside the intended extraction directory (a Zip Slip path traversal).
References
- github.com/advisories/GHSA-6jrj-vc65-c983
- github.com/mhr3/unzip-stream
- github.com/mhr3/unzip-stream/commit/ab67989719abb4dcc774d02de266151905b8d45a
- github.com/mhr3/unzip-stream/compare/v0.3.1...v0.3.2
- github.com/mhr3/unzip-stream/security/advisories/GHSA-6jrj-vc65-c983
- snyk.io/research/zip-slip-vulnerability