Description loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive. Remediation References CVE-2022-48285 Related Vulnerabilities Oracle JRE CVE-2014-0461 Vulnerability (CVE-2014-0461) Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-0507) WordPress Plugin YITH WooCommerce Product Add-Ons Multiple Vulnerabilities (2.0.7) MySQL CVE-2014-6463 Vulnerability (CVE-2014-6463) IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-4962) Severity High Classification CVE-2022-48285 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Tags Missing Update Known Vulnerabilities