yauzl-promise does not recursively unzip ZIPs within ZIPs, so it is not vulnerable to the infamous 42.zip ZIP bomb.
However, there are other bomb-making approaches which yauzl-promise (along with most unzip implementations, I imagine) is vulnerable to, but could be protected against.
e.g. https://www.bamsoftware.com/hacks/zipbomb/
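
One way a caller could screen an archive before extraction, as an added example (not part of the original issue and not yauzl-promise code): the technique on the linked page has several entries share the same compressed bytes, so this reads only the central directory and flags overlapping entry ranges and an excessive declared total. `auditZipIndex`, `makeIndex` and the sample values are hypothetical; it assumes no ZIP64, no archive comment and a single-disk archive.

```javascript
// Added example. Assumes no ZIP64, no archive comment, single-disk archive.
const CEN_SIG = 0x02014b50, EOCD_SIG = 0x06054b50;
// Read only the central directory; report overlapping entries and declared size.
function auditZipIndex(buf, maxTotalBytes) {
  const eocd = buf.length - 22; // EOCD record is the final 22 bytes
  if (eocd < 0 || buf.readUInt32LE(eocd) !== EOCD_SIG) throw new Error('EOCD not found');
  const count = buf.readUInt16LE(eocd + 10);
  const cdStart = buf.readUInt32LE(eocd + 16);
  const spans = [];
  let pos = cdStart, total = 0;
  for (let i = 0; i < count; i++) {
    if (pos + 46 > eocd || buf.readUInt32LE(pos) !== CEN_SIG) throw new Error('bad central header');
    const csize = buf.readUInt32LE(pos + 20), usize = buf.readUInt32LE(pos + 24);
    const nameLen = buf.readUInt16LE(pos + 28), extraLen = buf.readUInt16LE(pos + 30);
    const commentLen = buf.readUInt16LE(pos + 32), start = buf.readUInt32LE(pos + 42);
    // Lower bound on bytes occupied: 30-byte local header + name + compressed data.
    spans.push({ start, end: start + 30 + nameLen + csize });
    total += usize;
    pos += 46 + nameLen + extraLen + commentLen;
  }
  spans.sort((a, b) => a.start - b.start);
  let overlap = false, maxEnd = 0;
  for (const s of spans) {
    // An entry must start after every earlier entry ends and stop before the directory.
    if (s.start < maxEnd || s.end > cdStart) overlap = true;
    maxEnd = Math.max(maxEnd, s.end);
  }
  return { entries: count, total, overlap, tooLarge: total > maxTotalBytes };
}
// Constructed sample: index only (central directory + EOCD) over zero padding,
// not an extractable archive. Entry fields here are hypothetical test values.
function makeIndex(entries, dataLen) {
  const recs = entries.map((e) => {
    const h = Buffer.alloc(46 + e.name.length);
    h.writeUInt32LE(CEN_SIG, 0);
    h.writeUInt32LE(e.csize, 20); h.writeUInt32LE(e.usize, 24);
    h.writeUInt16LE(e.name.length, 28); h.writeUInt32LE(e.offset, 42);
    h.write(e.name, 46, 'ascii');
    return h;
  });
  const cd = Buffer.concat(recs), eocd = Buffer.alloc(22);
  eocd.writeUInt32LE(EOCD_SIG, 0);
  eocd.writeUInt16LE(entries.length, 10);
  eocd.writeUInt32LE(cd.length, 12); eocd.writeUInt32LE(dataLen, 16);
  return Buffer.concat([Buffer.alloc(dataLen), cd, eocd]);
}
const benign = makeIndex([{ name: 'a', offset: 0, csize: 100, usize: 200 }, { name: 'b', offset: 131, csize: 100, usize: 200 }], 262);
const shared = makeIndex([{ name: 'a', offset: 0, csize: 200, usize: 1000000 }, { name: 'b', offset: 31, csize: 169, usize: 1000000 }], 231);
console.log(auditZipIndex(benign, 1000), auditZipIndex(shared, 1000));
```

The declared sizes in the central directory are attacker-controlled, so a streaming byte counter during inflation is still needed alongside this pre-check.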