) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
Search Parameters:
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:jszip_project:jszip:2.4.0:*:*:*:*:node.js:*:*
- CPE Name Search: true
There are 2 matching records.
Displaying matches 1 through 2.
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2022-48285 |
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive. Published: January 29, 2023; 12:15:10 AM -0500 |
V3.1: 7.3 HIGH V2.0:(not available) |
| CVE-2021-23413 |
This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g __proto__, toString, etc) results in a returned object with a modified prototype instance. Published: July 25, 2021; 9:15:07 AM -0400 |
V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |