Vulnerabilities (CVE)

Filtered by vendor Jszip Project Subscribe
Filtered by product Jszip
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-48285 1 Jszip Project 1 Jszip 2024-11-21 N/A 7.3 HIGH
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.
CVE-2021-23413 1 Jszip Project 1 Jszip 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g __proto__, toString, etc) results in a returned object with a modified prototype instance.