Approved changes feed: RSS · Atom
cpe:2.3:a:@appium:support:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | @Appium (ead525b5-0787-5cc8-8ca2-fa9a25fb235f) |
|---|---|
| Product | Support (42b59121-3b2b-52a4-ae6f-b515c1e0e2d3) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-30973 |
vulnerable | 2026-06-03 15:19:26.211483 |
Zip Slip arbitrary file write in @appium/support ZIP extraction
MEDIUM (6.5)
Appium is an automation framework that provides WebDriver-based automation possibilities for a wide range platforms. Prior to 7.0.6, @appium/support contains a ZIP extraction implementation (extractAllTo() via ZipExtractor.extract()) with a path traversal (Zip Slip) check that is non-functional. The check at line 88 of packages/support/lib/zip.js creates an Error object but never throws it, allowing malicious ZIP entries with ../ path components to write files outside the intended destination directory. This affects all JS-based extractions (the default code path), not only those using the fileNamesEncoding option. This vulnerability is fixed in 7.0.6.
Published: 2026-03-10T17:33:41.009Z
Updated: 2026-03-12T14:25:09.401Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.