Miggo Logo
Miggo Vulnerability Database
GHSA-6jrj-vc65-c983

GHSA-6jrj-vc65-c983: unzip-stream allows Arbitrary File Write via artifact extraction

7.5

CVSS Score
3.1

Basic Information

CVE ID
-
GHSA ID
GHSA-6jrj-vc65-c983
EPSS Score
-
CWE
CWE-22
Published
8/26/2024
Updated
8/26/2024
KEV Status
No
Technology
TechnologyJavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
unzip-streamnpm< 0.3.20.3.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from insufficient path sanitization in the _prepareOutStream method. The commit diff shows the critical fix was modifying the path sanitization regex pattern in this function. The original regex (^([/\][.]+[/\]+)[/\]*) only removed leading dot/slash sequences, while the patched regex ((?<=^|[/\]+)[.][.]+(?=[/\]+|$)) specifically targets and replaces parent directory traversal sequences anywhere in the path. This function directly handles path normalization before file extraction, making it the vulnerable entry point.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t W**n usin* t** `*xtr**t()` m*t*o* o* unzip-str**m, m*li*ious zip *il*s w*r* **l* to writ* to p*t*s t**y s*oul*n't ** *llow** to. ### P*t***s *ix** in *.*.* ### R***r*n**s - *ttps://snyk.io/r*s**r**/zip-slip-vuln*r**ility - *ttps://*it

Reasoning

T** vuln*r**ility st*ms *rom insu**i*i*nt p*t* s*nitiz*tion in t** _pr*p*r*OutStr**m m*t*o*. T** *ommit *i** s*ows t** *riti**l *ix w*s mo*i*yin* t** p*t* s*nitiz*tion r***x p*tt*rn in t*is *un*tion. T** ori*in*l r***x (^([/\\]*[.]+[/\\]+)*[/\\]*) on