High severity7.8NVD Advisory· Published Aug 30, 2023· Updated Jun 17, 2026
CVE-2023-39138
CVE-2023-39138
Description
An issue in ZIPFoundation v0.9.16 allows attackers to execute a path traversal via extracting a crafted zip file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/weichsel/ZIPFoundationSwiftURL | < 0.9.18 | 0.9.18 |
Affected products
2- ZIPFoundation/ZIPFoundationdescription
Patches
Vulnerability mechanics
References
7- blog.ostorlab.co/zip-packages-exploitation.htmlnvdExploitWEB
- ostorlab.co/vulndb/advisory/OVE-2023-4nvdExploitWEB
- ostorlab.co/vulndb/advisory/OVE-2023-6nvdExploitWEB
- github.com/advisories/GHSA-c2cc-3569-6jh2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-39138ghsaADVISORY
- github.com/weichsel/ZIPFoundation/issues/282nvdIssue TrackingWEB
- github.com/weichsel/ZIPFoundation/releases/tag/0.9.18ghsaWEB
News mentions
0No linked articles in our index yet.