QID 981891
QID 981891: Nodejs (npm) Security Update for decompress (GHSA-qgfr-5hqp-vrw9)
Versions of `decompress` prior to 4.2.1 are vulnerable to Arbitrary File Write. The package fails to prevent extraction of files with relative paths, allowing attackers to write to any folder in the system by including filenames containing`../`.
## Recommendation
Upgrade to version 4.2.1 or later.
Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user.
Solution
Customers are advised to refer to GHSA-qgfr-5hqp-vrw9 for updates pertaining to this vulnerability.
Vendor References
- GHSA-qgfr-5hqp-vrw9 -
github.com/advisories/GHSA-qgfr-5hqp-vrw9
CVEs related to QID 981891
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-qgfr-5hqp-vrw9 | decompress |
|