node-extract-zip - Debian Package Tracker

1 security issue in trixie high

1 important issue:

CVE-2026-56876: extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', extract-zip will extract the symlink without validation, allowing it to point outside the extraction directory. Depending on how extract-zip is used, an attacker could read or write to arbitrary files.

Created: 2026-06-27 Last update: 2026-06-27 07:00

1 security issue in sid high

1 important issue:

CVE-2026-56876: extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', extract-zip will extract the symlink without validation, allowing it to point outside the extraction directory. Depending on how extract-zip is used, an attacker could read or write to arbitrary files.

Created: 2026-06-27 Last update: 2026-06-27 07:00

1 security issue in forky high

1 important issue:

CVE-2026-56876: extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', extract-zip will extract the symlink without validation, allowing it to point outside the extraction directory. Depending on how extract-zip is used, an attacker could read or write to arbitrary files.

Created: 2026-06-27 Last update: 2026-06-27 07:00

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2026-56876: extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', extract-zip will extract the symlink without validation, allowing it to point outside the extraction directory. Depending on how extract-zip is used, an attacker could read or write to arbitrary files.

Created: 2026-06-27 Last update: 2026-06-27 07:00

1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:

CVE-2026-56876: extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', extract-zip will extract the symlink without validation, allowing it to point outside the extraction directory. Depending on how extract-zip is used, an attacker could read or write to arbitrary files.

Created: 2026-06-27 Last update: 2026-06-27 07:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.6.1).

Created: 2022-12-17 Last update: 2026-03-31 15:01