Snyk Report - (decompress-tar@4.1.1), Arbitrary File Write via Archive Extraction (Zip Slip) #588

BrettFieber · 2023-09-20T14:33:59Z

This is a Bug(security) Report

Description

Snyk (https://snyk.io/) is reporting a security issue with serverless-step-functions@3.15.0 due to a dependency on decompress@4.2.1 => decompress-tar@4.1.1

https://security.snyk.io/vuln/SNYK-JS-DECOMPRESSTAR-559095

Additional Data

Serverless Framework Core Version you're using: 2.72.4
The Plugin Version you're using: 3.15.0
Operating System: windows/linux

horike37 added the help wanted label Sep 20, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Snyk Report - (decompress-tar@4.1.1), Arbitrary File Write via Archive Extraction (Zip Slip) #588

Snyk Report - (decompress-tar@4.1.1), Arbitrary File Write via Archive Extraction (Zip Slip) #588

BrettFieber commented Sep 20, 2023 •

edited

Snyk Report - (decompress-tar@4.1.1), Arbitrary File Write via Archive Extraction (Zip Slip) #588

Snyk Report - (decompress-tar@4.1.1), Arbitrary File Write via Archive Extraction (Zip Slip) #588

Comments

BrettFieber commented Sep 20, 2023 • edited

This is a Bug(security) Report

Description

Additional Data

BrettFieber commented Sep 20, 2023 •

edited