Description loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive. Remediation References CVE-2022-48285 Related Vulnerabilities Moodle Improper Input Validation Vulnerability (CVE-2012-6087) WordPress Plugin YITH Custom Thank You Page for Woocommerce Security Bypass (1.1.6) MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0047) Internet Information Services Other Vulnerability (CVE-2000-0114) Oracle Database Server CVE-2007-5514 Vulnerability (CVE-2007-5514) Severity High Classification CVE-2022-48285 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Tags Missing Update Known Vulnerabilities