Vulnerabilities
Vulnerable Software
Max-Mapper:  >> Extract-Zip  Security Vulnerabilities
extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', extract-zip will extract the symlink without validation, allowing it to point outside the extraction directory. Depending on how extract-zip is used, an attacker could read or write to arbitrary files.
CVSS Score
8.6
EPSS Score
0.003
Published
2026-06-26


Contact Us

Shodan ® - All rights reserved