EPSS
Percentile
78.9%
decompress is vulnerable to path traversal. The vulnerability exists due to a zip slip vulnerability. Improper handling of archives containing files that has ../ in its names allows the files to be written out of the intended path.
../
github.com/kevva/decompress/commit/3788e0366bf2811a13e371a8cb04ebc6c3c356ef
github.com/kevva/decompress/commit/8850e7ec79bb0cbbdb9955c9edef7ad36114ee51
github.com/kevva/decompress/issues/71
github.com/kevva/decompress/pull/73
www.npmjs.com/advisories/1217