Metrics
Affected Vendors & Products
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-gj5f-73vh-wpf7 | Withdrawn Advisory: cross-zip is vulnerable to Directory Traversal through selective use of zip/unzip operations |
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
No reference.
Thu, 30 Oct 2025 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-22 | |
| References |
|
|
| Metrics |
cvssV3_1
|
Thu, 30 Oct 2025 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 30 Oct 2025 16:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | All versions of the package cross-zip are vulnerable to Directory Traversal via consecutive usage of zipSync() and unzipSync () functions that allow arguments such as __dirname. An attacker can access system files by selectively doing zip/unzip operations. | This record was withdrawn by its CNA; further investigation revealed it was not a security issue. |
| Metrics |
cvssV3_1
|
cvssV3_1
|
Fri, 10 Oct 2025 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 10 Oct 2025 05:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | All versions of the package cross-zip are vulnerable to Directory Traversal via consecutive usage of zipSync() and unzipSync () functions that allow arguments such as __dirname. An attacker can access system files by selectively doing zip/unzip operations. | |
| Weaknesses | CWE-22 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: REJECTED
Assigner: snyk
Published:
Updated: 2025-10-30T15:59:03.463Z
Reserved: 2025-10-09T16:14:25.738Z
Link: CVE-2025-11569
Updated:
Status : Rejected
Published: 2025-10-10T05:15:32.190
Modified: 2025-10-30T16:15:34.297
Link: CVE-2025-11569
No data.
OpenCVE Enrichment
No data.
Github GHSA