#VU73970 Path traversal in JSZip - CVE-2022-48285

Cybersecurity Help s.r.o.

Published: 2023-03-23

Vulnerability identifier: #VU73970

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-48285

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
JSZip
Web applications / JS libraries

Vendor: Stuart Knightley

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to insufficient sanitization of user-supplied in the loadAsync() method. A remote attacker can pass a specially crafted ZIP archive to the application and overwrite arbitrary files on the system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

JSZip: 3.0.0 - 3.7.1

External links
https://github.com/Stuk/jszip/compare/v3.7.1...v3.8.0
https://www.mend.io/vulnerability-database/WS-2023-0004
https://exchange.xforce.ibmcloud.com/vulnerabilities/244499
https://github.com/Stuk/jszip/commit/2edab366119c9ee948357c02f1206c28566cdf15

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Tivoli Network Manager IP Edition

Multiple vulnerabilities in Dell Storage Manager

IBM SPSS Analytic Server update for JSZip

Multiple vulnerabilities in IBM Planning Analytics Workspace

IBM Log Analysis update for Apache Ant

Multiple vulnerabilities in IBM UrbanCode Build

Multiple vulnerabilities in Oracle Financial Services Model Management and Governance

Multiple vulnerabilities in Oracle Business Intelligence Enterprise Edition

Multiple vulnerabilities in Primavera Gateway

Multiple vulnerabilities in Siemens SIMATIC MV500 Devices