{"data":{"id":"c1cf506b-2138-4289-9aed-09bed2756329","title":"GHSA-rfx7-4xw3-gh4m: @appium/support has a Zip Slip arbitrary file write in its ZIP extraction","summary":"The `@appium/support` library has a bug in its ZIP file extraction code that fails to prevent Zip Slip attacks (a vulnerability where malicious ZIP files use `../` path components to write files outside the intended folder). The security check creates an error message but never throws it, so malicious ZIP entries can write files anywhere the Appium process has permission to write. This affects all JavaScript-based ZIP extractions by default.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-rfx7-4xw3-gh4m","publishedAt":"2026-03-11T00:22:38.000Z","cveId":"CVE-2026-30973","cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["@appium/support@<= 7.0.5 (fixed: 7.0.6)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["Appium","@appium/support"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-03-11T00:22:38.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}