You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We also got this finding from Mend. @kevva or @trptcolin or @sindresorhus can you provide some information about this? Thanks :-)
Proposed fix in this repo which was declined: fixed path traversal issue #12
"I think the fix belongs in the main project https://github.com/kevva/decompress
This issue doesn’t just affect tarfiles, but archives in general (including zip, where the zip-slip vulnerability gets its name). So
similar fixes would be needed to decompress-unzip, etc. - or the check could be centralized."
how to prove decompress-4.2.1 is not vulnerable?
The text was updated successfully, but these errors were encountered: