The package zip-local before 0.3.5 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) which can lead to an extraction of a crafted file outside the intended extraction directory.
{ "github_reviewed_at": "2022-01-31T19:55:36Z", "severity": "CRITICAL", "cwe_ids": [ "CWE-29", "CWE-668" ], "github_reviewed": true, "nvd_published_at": "2022-01-28T22:15:00Z" }