vulnerability in WebClients Project

While working in WebClient Project cross-zip package, I discovered a Directory Traversal vulnerability that allows unauthorized access to sensitive system files. The issue occurs due to improper handling of file paths in the zipSync() and unzipSync() functions, where user-controlled input can lead to reading or writing files outside the intended directory.

[CVE Link](https://vulert.com/vuln-db/CVE-2025-11569)
[CVE Report](https://vulert.com/vuln-scan/list/16a8b5fa-2f6b-4245-8591-d6f205ca5324?sort_order=desc&sort_by=created_at)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

vulnerability in WebClients Project #465

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

vulnerability in WebClients Project #465

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions