decompress-zip@0.0.8 vulnerabilities

Extract files from a ZIP archive

Direct Vulnerabilities

Known vulnerabilities in the decompress-zip package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • C
Arbitrary File Write via Archive Extraction (Zip Slip)

decompress-zip extracts the contents of the ZIP archive file.

Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip). The package will extract files outside of the scope of the specified target directory because there is no validation that file extraction stays within the defined target path.

How to fix Arbitrary File Write via Archive Extraction (Zip Slip)?

Upgrade decompress-zip to version 0.2.2, 0.3.2 or higher.

<0.2.2 >=0.3.0 <0.3.2