CVE-2018-1002203

Vendor: Node.js
Product: unzipper
Weakness: CWE-22 · Path traversal
Published: July 25, 2018
Last update: September 16, 2024

What the vulnerability does

01 Description

unzipper npm library before 0.8.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
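The check an extractor needs before writing an entry to disk, as an added example that is not unzipper's code or its 0.8.13 fix. The function names, the /srv/extract destination and the sample entry names are assumptions constructed for illustration; only Node's built-in path module is used.

```javascript
const path = require('path');

// Return the absolute path an entry would be written to, or throw if that
// path is not inside destDir.
function safeEntryPath(destDir, entryName) {
  const root = path.resolve(destDir);
  if (entryName.includes('\0')) {
    throw new Error('NUL byte in entry name');
  }
  // Zip names use '/', but treat '\' as a separator too so that a name like
  // '..\..\x' is judged the same way on every platform.
  const name = entryName.replace(/\\/g, '/');
  const target = path.resolve(root, name);
  // Compare by path segments, not by string prefix: a startsWith(root) test
  // would wrongly accept a sibling directory such as /srv/extract-evil.
  const rel = path.relative(root, target);
  const escapes =
    rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  if (rel === '' || escapes) {
    throw new Error(`entry is not a path inside ${root}: ${JSON.stringify(entryName)}`);
  }
  return target;
}

// Split a list of entry names into resolved safe paths and rejected names.
function auditEntries(destDir, entryNames) {
  const accepted = [];
  const rejected = [];
  for (const name of entryNames) {
    try {
      accepted.push(safeEntryPath(destDir, name));
    } catch (err) {
      rejected.push(name);
    }
  }
  return { accepted, rejected };
}

// Constructed sample entry names, not taken from a real archive.
const SAMPLE_ENTRIES = [
  'docs/readme.txt',       // ordinary entry
  'a/../b.txt',            // contains '..' but stays inside the destination
  '..foo/bar',             // legitimate name that merely starts with dots
  '../../etc/cron.d/job',  // climbs out of the destination
  '/etc/passwd',           // absolute path
  '../extract-evil/x',     // sibling directory sharing the destination's prefix
  '..\\..\\x',             // backslash-separated traversal
];

console.log(auditEntries('/srv/extract', SAMPLE_ENTRIES));
```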

Key dates

02 Disclosure timeline

July 25, 2018: CVE published
September 16, 2024: Record updated