Node.js · adm-zip · CVE-2018-1002204
**Name of the Vulnerable Software and Affected Versions**
adm-zip versions prior to 0.4.9
**Description**
This is a directory traversal vulnerability, also known as 'Zip-Slip': a `../` (dot dot slash) sequence in a Zip archive entry is mishandled during extraction, which allows attackers to write to arbitrary files. A remote attacker can exploit this with a specially crafted archive, potentially leading to arbitrary code execution. The cause is incorrect restriction of the directory path name in the `extractDir` function of the adm-zip library for Node.js.
**Recommendations**
Update to version 0.4.9 or later. As a temporary workaround, consider restricting the use of the `extractDir` function until a patch is available. Avoid using the `adm-zip` library to extract archives from untrusted sources until the issue is resolved.
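
As defence in depth alongside the upgrade, entry names can be checked for containment before anything is written. The following is an added example, not code from adm-zip or from this advisory; the function names `safeDestination` and `auditEntries`, the target directory `/srv/uploads` and the sample entry names are assumptions made for illustration.

```javascript
// Added example: containment check for zip entry names before extraction.
const path = require('path').posix; // POSIX rules, same result on any host

// Resolve entryName under targetDir; throw if it would land outside it.
function safeDestination(targetDir, entryName) {
  const root = path.resolve(targetDir);
  const prefix = root.endsWith('/') ? root : root + '/';
  // Treat backslashes as separators too, since some archivers emit them.
  const name = entryName.replace(/\\/g, '/');
  if (name.includes('\0')) throw new Error('NUL byte in entry name');
  // An absolute name would replace the root in path.resolve, so reject it.
  if (path.isAbsolute(name) || /^[A-Za-z]:/.test(name)) {
    throw new Error(`absolute entry path: ${entryName}`);
  }
  const dest = path.resolve(root, name);
  // Compare against root plus separator, so that a sibling such as
  // "/srv/uploads-evil" does not pass a bare startsWith("/srv/uploads").
  if (dest !== root && !dest.startsWith(prefix)) {
    throw new Error(`entry escapes target directory: ${entryName}`);
  }
  return dest;
}

// Check every name up front so nothing is written if any entry is rejected.
function auditEntries(targetDir, entryNames) {
  const report = { safe: [], rejected: [] };
  for (const name of entryNames) {
    try {
      report.safe.push(safeDestination(targetDir, name));
    } catch (err) {
      report.rejected.push({ name, reason: err.message });
    }
  }
  return report;
}

// Constructed sample entry names (not taken from a real archive).
const SAMPLE_ENTRIES = [
  'docs/readme.txt',
  'docs/../notes.txt',       // contains ".." but stays inside the target
  '../../outside.txt',       // dot dot slash traversal
  '../uploads-evil/a.txt',   // sibling directory sharing the root's prefix
  '/tmp/absolute.txt',       // absolute path
  '..\\..\\outside.txt',     // backslash-separated traversal
];

console.log(auditEntries('/srv/uploads', SAMPLE_ENTRIES));
```

With adm-zip, the names to check would come from each entry's `entryName` as returned by `getEntries()`; extraction should proceed only when `rejected` is empty.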