The package zip-local before 0.3.5 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) which can lead to an extraction of a crafted file outside the intended extraction directory.
{ "github_reviewed_at": "2022-01-31T19:55:36Z", "nvd_published_at": "2022-01-28T22:15:00Z", "github_reviewed": true, "cwe_ids": [ "CWE-29", "CWE-668" ], "severity": "CRITICAL" }