Dave Holoway

#47620 of 53,633
5.3 Total CVSS
Vulnerabilities · 1
PT-2021-6839
5.3
2021-05-01
Jszip · Jszip · CVE-2021-23413
**Name of the Vulnerable Software and Affected Versions**

jszip versions prior to 3.7.0

**Description**

The issue is related to the incorrect handling of file names in the jszip library. It allows a remote attacker to cause a denial of service by crafting a new zip file with filenames set to Object prototype values, such as `__proto__` or `toString`, resulting in a returned object with a modified prototype instance.

**Recommendations**

For versions prior to 3.7.0, update to version 3.7.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the jszip library until a patch is applied. Avoid using the jszip library to process zip files with filenames that could be set to Object prototype values.
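The following is an added example, not code from jszip or from this advisory. It uses a stand-in filename index to show what happens when archive entry names such as `__proto__` and `toString` become keys of a plain object, next to a prototype-less index and a pre-flight name check. All function names and the sample entry names are constructed for illustration.

```javascript
// Constructed sample: entry names as they might be listed in an untrusted archive.
const SAMPLE_ENTRY_NAMES = ['docs/readme.txt', '__proto__', 'toString', 'img/logo.png'];

// Hypothetical index built on a plain object, which inherits from Object.prototype.
// Assigning the key "__proto__" runs the inherited setter instead of adding an entry.
function indexPlain(names) {
  const files = {};
  for (const name of names) files[name] = { name, dir: false };
  return files;
}

// Same index on a prototype-less object: every name is stored as an ordinary own key.
function indexNullProto(names) {
  const files = Object.create(null);
  for (const name of names) files[name] = { name, dir: false };
  return files;
}

// Report whether the index still has its expected prototype and which entries it holds.
function inspect(files) {
  const proto = Object.getPrototypeOf(files);
  return {
    protoIntact: proto === Object.prototype || proto === null,
    ownKeys: Object.keys(files),
  };
}

// Pre-flight check for the workaround: list entry names that collide with
// members of Object.prototype, so the archive can be rejected before processing.
function prototypeCollisions(names) {
  return names.filter((name) => name in Object.prototype);
}

console.log('plain index:     ', inspect(indexPlain(SAMPLE_ENTRY_NAMES)));
console.log('null-proto index:', inspect(indexNullProto(SAMPLE_ENTRY_NAMES)));
console.log('rejected names:  ', prototypeCollisions(SAMPLE_ENTRY_NAMES));
```

On the plain index the `__proto__` entry disappears from the key list and the object's prototype is replaced by the entry value, while the `toString` entry shadows the inherited method; the prototype-less index keeps all four names as data.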