Skip to main content

Appium Support

1 CVEs product

Monthly

CVE-2026-30973 npm MEDIUM PATCH This Month

Appium's ZIP extraction function in @appium/support versions prior to 7.0.6 fails to properly enforce path traversal protections, allowing attackers to extract malicious ZIP files that write arbitrary files outside the intended directory. The vulnerability stems from an Error object that is created but never thrown, enabling Zip Slip attacks across all JavaScript-based extraction operations. An attacker can exploit this by crafting a malicious ZIP archive to overwrite sensitive files on systems using affected versions.

Path Traversal Appium Support
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Appium's ZIP extraction function in @appium/support versions prior to 7.0.6 fails to properly enforce path traversal protections, allowing attackers to extract malicious ZIP files that write arbitrary files outside the intended directory. The vulnerability stems from an Error object that is created but never thrown, enabling Zip Slip attacks across all JavaScript-based extraction operations. An attacker can exploit this by crafting a malicious ZIP archive to overwrite sensitive files on systems using affected versions.

Path Traversal Appium Support
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy