All versions of the package cross-zip are vulnerable to Directory Traversal via consecutive usage of zipSync() and unzipSync () functions that allow arguments such as __dirname. An attacker can access system files by selectively doing zip/unzip operations.
Metrics
Affected Vendors & Products
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Fri, 10 Oct 2025 05:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | All versions of the package cross-zip are vulnerable to Directory Traversal via consecutive usage of zipSync() and unzipSync () functions that allow arguments such as __dirname. An attacker can access system files by selectively doing zip/unzip operations. | |
Weaknesses | CWE-22 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: snyk
Published:
Updated: 2025-10-10T05:00:06.193Z
Reserved: 2025-10-09T16:14:25.738Z
Link: CVE-2025-11569

No data.

Status : Received
Published: 2025-10-10T05:15:32.190
Modified: 2025-10-10T05:15:32.190
Link: CVE-2025-11569

No data.

No data.