plrthink
commented
1 year ago Thanks for notifying the issue, I would upgrade it in the next release.
Closed Udbhav12 closed 1 year ago
plrthink
commented
1 year ago Thanks for notifying the issue, I would upgrade it in the next release.
plrthink
commented
1 year ago You can try 6.0.9-beta.0 to test your needs. Any feedback is appreciated.
plrthink
commented
1 year ago Just published the fix in 6.0.9.
Describe the bug As per https://github.com/mockingbot/react-native-zip-archive/blob/v6.0.8/android/build.gradle#L40
react-native-zip-archiveis currently using 2.6.4 version ofzip4j. There is a security issue which has been patched in 2.10.0 version of zip4j Refer to below link for more details https://github.com/advisories/GHSA-q62h-jw38-24vhTo Reproduce NA
Expected behavior No security vulnerability
Env (please complete the following information): Package Version: - 6.0.8
Additional context Below is the CVE ID https://nvd.nist.gov/vuln/detail/CVE-2022-24615