loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive. References https://nvd.nist.gov/vuln/detail/CVE-2022-48285 https://github.com/Stuk/jszip/commit/2edab366119c9ee948357c02f1206c28566cdf15 https://github.com/Stuk/jszip/compare/v3.7.1…v3.8.0 https://www.mend.io/vulnerability-database/WS-2023-0004 https://github.com/advisories/GHSA-36fh-84j7-cv5h