Ready-Research

**Name of the Vulnerable Software and Affected Versions** Bytecode Viewer (BCV) versions prior to 2.11.0 **Description** The issue concerns Arbitrary File Write via Archive Extraction, also known as "Zip Slip". This is exploited using a specially crafted archive that holds directory traversal filenames, such as ../../evil.exe. The vulnerability can affect numerous archive formats, including zip, jar, tar, war, cpio, apk, rar, and 7z. An attacker can overwrite executable files, achieving remote command execution on the victim's machine by either invoking them remotely or waiting for the system or user to call them. In a web application context, a web shell could be placed within the application directory to achieve code execution. The impact allows an attacker to create or overwrite existing files on the filesystem. **Recommendations** For versions prior to 2.11.0, upgrade to BCV v2.11.0 to receive a patch. There are no recommended workarounds aside from upgrading.

**Name of the Vulnerable Software and Affected Versions** set-value versions prior to 2.0.1 set-value versions 3.0.0 through 4.0.0 **Description** The issue is related to a type confusion vulnerability in the set-value module, which can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. The vulnerability can be triggered when user-provided keys used in the `path` parameter are arrays. **Recommendations** For set-value versions prior to 2.0.1, update to version 2.0.1 or later. For set-value versions 3.0.0 through 4.0.0, update to version 4.0.1 or later. As a temporary workaround, consider restricting the use of the `path` parameter to minimize the risk of exploitation. Avoid using array values for the `path` parameter until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** URI.js versions prior to 1.19.7 **Description** The issue allows URL redirection to untrusted sites by using a combination of backslash (``) and slash (`/`) characters as part of the scheme delimiter. This can lead to incorrect security decisions if the hostname is used in such decisions. Impacts may include allow/block list bypasses, SSRF attacks, open redirects, or other undesired behavior. For example, a URL like `https:///expected-example.com/path` can be used to spoof the hostname. **Recommendations** For versions prior to 1.19.7, update to version 1.19.7 or later to patch the issue. As a temporary workaround, consider validating URLs manually to prevent incorrect hostname parsing until the update is applied. Restrict access to sensitive areas that rely on the hostname for security decisions to minimize the risk of exploitation.