High severity · NVD Advisory · Published Aug 30, 2023 · Updated Oct 1, 2024
CVE-2023-39137
Description
An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| archive (Pub) | < 3.3.8 | 3.3.8 |
Affected products
- Archive/Archive (description)
References
- github.com/advisories/GHSA-r285-q736-9v95 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-39137 (ghsa, ADVISORY)
- blog.ostorlab.co/zip-packages-exploitation.html (ghsa, WEB)
- github.com/brendan-duncan/archive/commit/0d17b270a3c33d3bed56cadd9a43da7717ab11f4 (ghsa, WEB)
- github.com/brendan-duncan/archive/issues/266 (ghsa, WEB)
- ostorlab.co/vulndb/advisory/OVE-2023-3 (ghsa, WEB)
- www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_name_spoofing (ghsa, WEB)
- www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_name_spoofing/ (mitre)