Bluesquare1

**Name of the Vulnerable Software and Affected Versions** Zip Swift version 2.1.2 **Description** The issue allows attackers to execute a path traversal attack via a crafted zip entry. This enables attackers to potentially access or modify files outside the intended directory, posing a security risk. **Recommendations** For Zip Swift version 2.1.2, consider restricting the handling of crafted zip entries to minimize the risk of path traversal attacks until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ZipArchive version 2.5.4 **Description** The issue is related to an unhandled edge case in the ` sanitizedPath` component of ZipArchive, which allows attackers to cause a Denial of Service (DoS) by using a crafted zip file. **Recommendations** For ZipArchive version 2.5.4, consider avoiding the use of the ` sanitizedPath` component until a patch is available. As a temporary workaround, restrict the handling of crafted zip files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Archive version 3.3.7 **Description** The issue allows attackers to spoof zip filenames, leading to inconsistent filename parsing. **Recommendations** For Archive version 3.3.7, consider restricting the parsing of zip filenames to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ZIPFoundation version 0.9.16 **Description** An issue in ZIPFoundation allows attackers to execute a path traversal via extracting a crafted zip file. **Recommendations** For ZIPFoundation version 0.9.16, update to a version that fixes this issue, as the current version allows attackers to execute a path traversal attack by extracting a crafted zip file. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Archive version 3.3.7 **Description** The issue allows attackers to execute a path traversal via extracting a crafted zip file. **Recommendations** For Archive version 3.3.7, update to a version that fixes this issue to prevent path traversal attacks.