aikido.dev Secure My Code

Intel/AIKIDO-2025-10211

AIKIDO-2025-10211

zip-lib is vulnerable to Zip Slip

Zip Slip Pre-CVE

75

High Risk

This Affects:

0.1.0 - 1.0.5

Fixed in 1.1.0

TL;DR

Affected versions of this package are vulnerable to a directory traversal or zip slip issue during ZIP extraction. When extracting multiple ZIP files, an attacker can bypass the isOutsideTargetFolder check by first extracting a ZIP file containing a symlink to an arbitrary directory (e.g., /tmp/) and then extracting another ZIP file with files or symlinks targeting that location. This allows files to be written outside the intended extraction directory, potentially leading to unauthorized file writes.

Who does this affect?

You are affected if you are use a vulnerable version of torchserve.

Background info

zip-lib is vulnerable to Zip Slip in versions 0.1.0 - 1.0.5.

How to fix this

Upgrade zip-lib to the patch version.

75

High Risk

This Affects:

0.1.0 - 1.0.5

Fixed in 1.1.0

Links

github.com/fpsqdb/zip-lib/releases/tag/v1.1.0

Get Secure Now

Secure your code, cloud, and runtime environments in one central system. Find and fix vulnerabilities automatically.

No credit card required | Scan results in 32secs.

Aikido Platform

Company

Resources

Industries

Use Cases

Compare

Legal

Connect

hello@aikido.dev

Security

Subscribe

Stay up to date with all updates

LinkedIn YouTube X

© 2026 Aikido Security BV | BE0792914919

Keizer Karelstraat 15, 9000, Ghent, Belgium

95 Third St, 2nd Fl, San Francisco, CA 94103, US

Unit 6.15 Runway East 18 18 Crucifix Ln, London SE1 3JW UK

Ghent, Belgium | San Francisco, US

SOC 2

ISO 27001

ISO 27001Compliant

Get Security Done