Published: 25/07/2018 Updated: 16/10/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 384

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

adm-zip npm library prior to 0.4.9 is vulnerable to directory traversal, allowing malicious users to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

Vulnerable Product	Search on Vulmon	Subscribe to Product
adm-zip project adm-zip

Creating proof of concepts for some old CVEs

Vulnerability Research CVEs CVE-2018-6184 CVE-2011-2712 CVE-2018-3778 CVE-2018-1002204 Bonus Nextjs LFI

Proof of Concept of Zip Slip Vulnerability

ZipSlipNodeJS Proof of Concept of Zip Slip Vulnerability Vulnerability Description adm-zip npm library before 049 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a / (dot dot slash) in a Zip archive entry that is mishandled during extraction which will allow the attacker to overwrite important system files outside the desired extract

CWE-22 https://snyk.io/vuln/npm:adm-zip:20180415 https://snyk.io/research/zip-slip-vulnerability https://github.com/snyk/zip-slip-vulnerability https://github.com/cthackers/adm-zip/pull/212 https://github.com/cthackers/adm-zip/commit/62f64004fefb894c523a7143e8a88ebe6c84df25 http://www.securityfocus.com/bid/107001 https://nvd.nist.gov https://github.com/masasron/vulnerability-research

CVE-2018-1002204

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect