VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-jj8g-m3v9-b7h6

Essentials
Severities (15)
References (8)
Severity details (13)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-jj8g-m3v9-b7h6
Aliases	CVE-2021-23484 GHSA-wxj7-97fp-j53j
Summary	Exposure of Resource to Wrong Sphere in Zip-Local
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (5)

CWE-29	Path Traversal: '..filename'
CWE-668	Exposure of Resource to Wrong Sphere
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.0059	https://api.first.org/data/v1/epss?cve=CVE-2021-23484
epss	0.0059	https://api.first.org/data/v1/epss?cve=CVE-2021-23484
cvssv3.1_qr	CRITICAL	https://github.com/advisories/GHSA-wxj7-97fp-j53j
cvssv3.1	9.8	https://github.com/Mostafa-Samir/zip-local
generic_textual	CRITICAL	https://github.com/Mostafa-Samir/zip-local
cvssv3.1	9.8	https://github.com/Mostafa-Samir/zip-local/blob/master/main.js%23L365
generic_textual	CRITICAL	https://github.com/Mostafa-Samir/zip-local/blob/master/main.js%23L365
cvssv3.1	9.8	https://github.com/Mostafa-Samir/zip-local/commit/6bb9b59733df379ac168aa705790bd8339b4bf9b
generic_textual	CRITICAL	https://github.com/Mostafa-Samir/zip-local/commit/6bb9b59733df379ac168aa705790bd8339b4bf9b
cvssv3.1	9.8	https://github.com/Mostafa-Samir/zip-local/commit/949446a95a660c0752b1db0c654f0fd619ae6085
generic_textual	CRITICAL	https://github.com/Mostafa-Samir/zip-local/commit/949446a95a660c0752b1db0c654f0fd619ae6085
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2021-23484
generic_textual	CRITICAL	https://nvd.nist.gov/vuln/detail/CVE-2021-23484
cvssv3.1	9.8	https://snyk.io/vuln/SNYK-JS-ZIPLOCAL-2327477
generic_textual	CRITICAL	https://snyk.io/vuln/SNYK-JS-ZIPLOCAL-2327477

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2021-23484
		https://github.com/Mostafa-Samir/zip-local
		https://github.com/Mostafa-Samir/zip-local/blob/master/main.js%23L365
		https://github.com/Mostafa-Samir/zip-local/commit/6bb9b59733df379ac168aa705790bd8339b4bf9b
		https://github.com/Mostafa-Samir/zip-local/commit/949446a95a660c0752b1db0c654f0fd619ae6085
		https://snyk.io/vuln/SNYK-JS-ZIPLOCAL-2327477
CVE-2021-23484		https://nvd.nist.gov/vuln/detail/CVE-2021-23484
GHSA-wxj7-97fp-j53j		https://github.com/advisories/GHSA-wxj7-97fp-j53j

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/Mostafa-Samir/zip-local

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/Mostafa-Samir/zip-local/blob/master/main.js%23L365

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/Mostafa-Samir/zip-local/commit/6bb9b59733df379ac168aa705790bd8339b4bf9b

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/Mostafa-Samir/zip-local/commit/949446a95a660c0752b1db0c654f0fd619ae6085

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-23484

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://snyk.io/vuln/SNYK-JS-ZIPLOCAL-2327477

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.69665
EPSS Score	0.0059
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T20:27:42.664137+00:00	GHSA Importer	Import	https://github.com/advisories/GHSA-wxj7-97fp-j53j	38.6.0