Security Advisory

CVE-2021-23413

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-07-25 13:10:12
Last updated 2024-09-16 19:56:45
Assigner snyk
State PUBLISHED

Description

This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g __proto__, toString, etc) results in a returned object with a modified prototype instance.