N/A

adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

N/A

对路径名的限制不恰当(路径遍历)

adm-zip npm library 路径遍历漏洞

adm-zip npm library是一个基于Node.js的允许用户在内存或磁盘中创建、提取zip文件的JavaScript实现。 adm-zip npm library 0.4.9之前版本中存在目录遍历漏洞。攻击者可借助带有目录遍历名称的特制的zip归档文件利用该漏洞写入任意文件。

N/A

N/A