Jszip Project Jszip vulnerabilities
2 known vulnerabilities affecting jszip_project/jszip.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2022-48285HIGHCVSS 7.3fixed in 3.8.02023-01-29
CVE-2022-48285 [HIGH] CWE-22 CVE-2022-48285: loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.
ghsanvdosv
CVE-2021-23413MEDIUMCVSS 5.3fixed in 3.7.0≥ unspecified, < 3.7.02021-07-25
CVE-2021-23413 [MEDIUM] CVE-2021-23413: This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object pr
This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g __proto__, toString, etc) results in a returned object with a modified prototype instance.
ghsanvdosv