Description loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive. Remediation References CVE-2022-48285 Related Vulnerabilities WordPress Plugin WP Statistics Cross-Site Scripting (12.6.5) Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-21692) PHP Improper Input Validation Vulnerability (CVE-2016-3185) WordPress Improper Privilege Management Vulnerability (CVE-2020-28036) MySQL CVE-2020-14567 Vulnerability (CVE-2020-14567) Severity High Classification CVE-2022-48285 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Tags Missing Update Known Vulnerabilities