QID 983429
QID 983429: Nodejs (npm) Security Update for adm-zip (GHSA-3v6h-hqm4-2rg6)
Versions of `adm-zip` before 0.4.9 are vulnerable to arbitrary file write when used to extract a specifically crafted archive that contains path traversal filenames (`../../file.txt` for example).
## Recommendation
Update to version 0.4.9 or later.
Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user.
Solution
Customers are advised to refer to GHSA-3v6h-hqm4-2rg6 for updates pertaining to this vulnerability.
Vendor References
- GHSA-3v6h-hqm4-2rg6 -
github.com/advisories/GHSA-3v6h-hqm4-2rg6
CVEs related to QID 983429
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-3v6h-hqm4-2rg6 | adm-zip |
|