JSZip Directory Traversal Vulnerability Allowing Zip Slip Attacks
Vulnerability
A directory traversal vulnerability has been identified in JSZip versions prior to 3.8.0. The issue arises in the 'loadAsync' function, which does not sanitize entry filenames when a ZIP archive is loaded, so an application that writes the extracted entries to disk under those names is susceptible to a Zip Slip attack. A crafted archive can then place files outside the intended directory, overwrite executable files, and lead to execution of arbitrary commands on the system.
Impact
Exploitation of this vulnerability could lead to unauthorized access to the file system, allowing for overwriting of executable files and execution of arbitrary commands.
Reproduction
The vulnerability can be reproduced by loading a ZIP file with relative paths that traverse directories, using the 'loadAsync' method in a version of JSZip prior to 3.8.0. After the ZIP file is loaded, the unsanitized original filenames can be accessed, potentially leading to a Zip Slip attack.
Remediation
Users are advised to upgrade to JSZip version 3.8.0 or later, available from the JSZip GitHub Repository.
