VYPR

npm package

@apostrophecms/import-export

pkg:npm/%40apostrophecms/import-export

Vulnerabilities (1)

  • CVE-2026-32731Mar 18, 2026
    affected < 3.5.3fixed 3.5.3

    ApostropheCMS is an open-source content management framework. Prior to version 3.5.3 of `@apostrophecms/import-export`, The `extract()` function in `gzip.js` constructs file-write paths using `fs.createWriteStream(path.join(exportPath, header.name))`. `path.join()` does not resol