Snyk Report - (decompress-tar@4.1.1), Arbitrary File Write via Archive Extraction (Zip Slip) #588

@BrettFieber

This is a Bug(security) Report

Description

Snyk (https://snyk.io/) is reporting a security issue with serverless-step-functions@3.15.0 due to a dependency on decompress@4.2.1 => decompress-tar@4.1.1

https://security.snyk.io/vuln/SNYK-JS-DECOMPRESSTAR-559095

Additional Data

  • Serverless Framework Core Version you're using: 2.72.4
  • The Plugin Version you're using: 3.15.0
  • Operating System: windows/linux

Issue #588 · serverless-operations/serverless-step-functions