High severityNVD Advisory· Published Aug 30, 2023· Updated Oct 1, 2024
CVE-2023-39139
CVE-2023-39139
Description
An issue in Archive v3.3.7 allows attackers to execute a path traversal via extracting a crafted zip file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
archivePub | < 3.3.8 | 3.3.8 |
Affected products
2- Archive/Archivedescription
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
7- github.com/advisories/GHSA-9v85-q87q-g4vgghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-39139ghsaADVISORY
- blog.ostorlab.co/zip-packages-exploitation.htmlghsaWEB
- github.com/brendan-duncan/archive/commit/6de492385d72af044231c4163dff13a43d991c83ghsaWEB
- github.com/brendan-duncan/archive/commit/edb0d480733a44d28ff3d5e4e2779153ba645ce7ghsaWEB
- github.com/brendan-duncan/archive/issues/265ghsaWEB
- ostorlab.co/vulndb/advisory/OVE-2023-5ghsaWEB
News mentions
0No linked articles in our index yet.