The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
Vulnerable Package issue exists @ Npm-adm-zip-0.4.4 in branch master
adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
Vulnerable Package issue exists @ Npm-adm-zip-0.4.4 in branch master
adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
Namespace: RobertMickleCx Repository: NodeGoat Repository Url: https://github.com/RobertMickleCx/NodeGoat CxAST-Project: RobertMickleCx/NodeGoat CxAST platform scan: e7941f4d-fb14-4e6e-9cdc-c12dbbe3cdc7 Branch: master Application: NodeGoat Severity: MEDIUM State: NOT_IGNORED Status: RECURRENT CWE: CWE-22
Additional Info Attack vector: LOCAL Attack complexity: LOW Confidentiality impact: NONE Availability impact: NONE
References Disclosure POC/Exploit Pull request Commit Issue Pull request Commit Advisory Advisory Advisory