#VU73970 Path traversal in JSZip


Vulnerability identifier: #VU73970

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48285

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
JSZip
Web applications / JS libraries

Vendor: Stuart Knightley

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to insufficient sanitization of user-supplied in the loadAsync() method. A remote attacker can pass a specially crafted ZIP archive to the application and overwrite arbitrary files on the system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

JSZip: 3.0.0 - 3.7.1

External links
http://github.com/Stuk/jszip/compare/v3.7.1...v3.8.0
http://www.mend.io/vulnerability-database/WS-2023-0004
http://exchange.xforce.ibmcloud.com/vulnerabilities/244499
http://github.com/Stuk/jszip/commit/2edab366119c9ee948357c02f1206c28566cdf15

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Planning Analytics Workspace
IBM Log Analysis update for Apache Ant
Multiple vulnerabilities in IBM UrbanCode Build
Multiple vulnerabilities in Oracle Financial Services Model Management and Governance
Multiple vulnerabilities in Oracle Business Intelligence Enterprise Edition
Multiple vulnerabilities in Primavera Gateway
Multiple vulnerabilities in Siemens SIMATIC MV500 Devices
Path traversal in IBM Maximo Manage application in IBM Maximo Application Suite
Path traversal in IBM Maximo Asset Management
Path traversal in IBM Safer Payments