CVE-2025-11569
Withdrawn Advisory: cross-zip is vulnerable to Directory Traversal through selective use of zip/unzip operations
Description
### Withdrawn Advisory

This advisory has been withdrawn because it does not discuss a valid vulnerability. This link is maintained to preserve external references.

### Original Description

All versions of the package cross-zip are vulnerable to Directory Traversal via consecutive usage of zipSync() and unzipSync() functions that allow arguments such as __dirname. An attacker can access system files by selectively doing zip/unzip operations.
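How to fix CVE-2025-11569
No patched version has been released yet. Consider removing the affected package, or refer to the upstream advice in the links below.
- npm/cross-zip: no patched version listed
Is CVE-2025-11569 being exploited?
There are currently no exploitation signals. CVE-2025-11569 is not in CISA KEV and has no recent EPSS score.
Affected packages (1)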
- from 0, <= 4.0.1