Description loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive. Remediation References CVE-2022-48285 Related Vulnerabilities Squid Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-4054) WordPress Plugin Testimonial Multiple Vulnerabilities (2.2) WordPress Plugin Crayon Syntax Highlighter Local File Disclosure (2.6.10) WordPress Plugin Quick Restaurant Menu Multiple Vulnerabilities (2.0.2) WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-0198) Severity High Classification CVE-2022-48285 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Tags Missing Update Known Vulnerabilities