webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle

Severity:: Medium

Description

An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction with the saving feature.

Recommendation

Update the webcrack package to the latest compatible version. Followings are version details:

Affected version(s): <= 2.14.0
Patched version(s): 2.14.1

References

GHSA-ccqh-278p-xq6w
CVE-2024-43373
CWE-20
CWE-22
CAPEC-310
OWASP 2021-A1
OWASP 2021-A3
OWASP 2021-A6

Related Issues

VvvebJs Arbitrary File Upload vulnerability - CVE-2024-29272
@appium/support has a Zip Slip arbitrary file write in its ZIP extraction - CVE-2026-30973
ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction - CVE-2026-32731
Rollup 4 has Arbitrary File Write via Path Traversal - CVE-2026-27606

Tags:: npm; webcrack

Anything's wrong? Let us know Last updated on November 18, 2024