
Jiahao42

#21627 of 53,635
Total CVSS: 11
Vulnerabilities · 2
Medium: 2
PT-2021-10849
5.5
2021-08-10
Nim-Lang · Nim-Lang · CVE-2020-23171
**Name of the Vulnerable Software and Affected Versions**
Nim-lang, all versions

**Description**
A vulnerability allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file whose entry name contains dot-slash characters.

**Recommendations**
For all Nim-lang versions, consider restricting the handling of zip files with dot-slash characters in file names to prevent arbitrary file writing until a patch is available. As a temporary workaround, consider validating and sanitizing zip file contents before processing them.
PT-2021-10850
5.5
2021-08-10
Kuba · Kuba · CVE-2020-23172
**Name of the Vulnerable Software and Affected Versions**
Kuba, all versions

**Description**
A vulnerability allows attackers to overwrite arbitrary files in arbitrary directories with crafted zip files due to improper validation of file paths in .zip archives.

**Recommendations**
For all versions, consider restricting the handling of .zip archives until a proper fix is applied, and ensure that file paths are properly validated to prevent arbitrary file overwrites.