The package zip-local before 0.3.5 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) which can lead to an extraction of a crafted file outside the intended extraction directory.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| zip-local(npm) | 0 | 0.3.5 | N/A |
CVSS Metrics
