The decompress package prior to 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
decompress project decompress |