Filtered by vendor Jszip Project Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-48285 2 Jszip Project, Redhat 2 Jszip, Rhmt 2024-11-21 7.3 High
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.
CVE-2021-23413 1 Jszip Project 1 Jszip 2024-11-21 5.3 Medium
This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g __proto__, toString, etc) results in a returned object with a modified prototype instance.