{"data":{"id":"efccfdff-4aff-49c9-bea5-851ab530e308","title":"GHSA-x2xq-qhjf-5mvg: DDEV has ZipSlip path traversal in tar and zip archive extraction","summary":"DDEV, a local development tool, has a ZipSlip vulnerability (a path traversal flaw where attackers use special path names like '../' to escape the intended extraction directory) in its archive extraction functions. When DDEV extracts tar or zip archives from remote sources, it doesn't validate file paths, allowing attackers to write files anywhere on a developer's machine by crafting malicious archives.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-x2xq-qhjf-5mvg","publishedAt":"2026-04-22T19:06:36.000Z","cveId":"CVE-2026-32885","cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["github.com/ddev/ddev@< 1.25.2 (fixed: 1.25.2)"],"affectedVendors":[],"affectedVendorsRaw":["DDEV"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-04-22T19:06:36.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":null,"llmSpecific":false,"classifierConfidence":0.72,"researchCategory":null,"atlasIds":["AML.T0010"]}}