node-unzip

Update fstream to a secure version

Open TomasBarry opened this issue 6 years ago • 5 comments

fstream has a vulnerability in versions lower than 1.0.12.

Remediation: Upgrade fstream to version 1.0.12 or later. For example:

fstream@^1.0.12:
  version "1.0.12"

WS-2019-0100
Vulnerable versions: < 1.0.12
Patched version: 1.0.12
Versions of fstream prior to 1.0.12 are vulnerable to Arbitrary File Overwrite.

TomasBarry, Jun 03 '19 13:06
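One way to check a project for the affected range, as an added example that is not part of the original issue or of the node-unzip project: it scans yarn.lock (v1 format) text for fstream entries resolved below 1.0.12. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag yarn.lock (v1) entries that resolve fstream below 1.0.12.
const PATCHED = [1, 0, 12]; // patched version stated in the issue

// Constructed sample lockfile text (not taken from a real project).
const SAMPLE_LOCK = `# yarn lockfile v1

fstream@^1.0.2, fstream@~1.0.10:
  version "1.0.11"
  dependencies:
    graceful-fs "^4.1.2"

fstream@^1.0.12:
  version "1.0.12"

"fstream@>= 0.1.30 < 1":
  version "0.1.31"
`;

// Compare dotted numeric versions; pre-release tags are ignored (assumption).
function isBelow(version, floor) {
  const parts = version.split('-')[0].split('.').map(Number);
  for (let i = 0; i < floor.length; i++) {
    const p = parts[i] || 0;
    if (p !== floor[i]) return p < floor[i];
  }
  return false; // equal to the floor, so not vulnerable
}

// Returns [{ specs, version }] for each fstream entry resolved below the floor.
function findVulnerableFstream(lockText, floor = PATCHED) {
  const findings = [];
  let current = null; // requested ranges of the fstream entry being read
  for (const line of lockText.split(/\r?\n/)) {
    if (/^[^\s#]/.test(line) && line.trimEnd().endsWith(':')) {
      // Entry header, e.g. `fstream@^1.0.2, fstream@~1.0.10:`
      const specs = line.trimEnd().slice(0, -1).split(',')
        .map((s) => s.trim().replace(/^"|"$/g, ''));
      current = specs.some((s) => s.startsWith('fstream@')) ? specs : null;
    } else if (current) {
      const m = line.match(/^\s+version\s+"([^"]+)"/);
      if (m) {
        if (isBelow(m[1], floor)) findings.push({ specs: current, version: m[1] });
        current = null; // ignore the rest of this entry (dependencies etc.)
      }
    }
  }
  return findings;
}

console.log(findVulnerableFstream(SAMPLE_LOCK));
```

Each finding lists the requested ranges that pulled in the old version, which shows which dependency has to be upgraded or replaced.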

Is this project alive?

divanishyn, Sep 11 '19 12:09

@divanishyn, it doesn't appear to be maintained. Could be time to fork and have a maintained alternative.

TomasBarry, Sep 11 '19 13:09

A drop-in replacement that is actively maintained can be found here: https://www.npmjs.com/package/unzipper

ZJONSSON, Sep 11 '19 17:09

> A drop-in replacement that is actively maintained can be found here: https://www.npmjs.com/package/unzipper

I used this package in my project and there are no more security vulnerabilities.

tanmayghosh2507, Sep 19 '19 23:09

@ZJONSSON @tanmayghosh2507 @TomasBarry thanks, unzipper works just fine!

divanishyn, Sep 23 '19 12:09