Medium security severity vulnerability in JSZip - CVE-2021-23413

Your hoops_web_viewer.js and hoops_web_viewer_monolithic.js source files describe using JSZIP v3.1.5, which is vulnerable to “Crafting a new zip file with filenames set to Object prototype values (e.g proto, toString, etc) results in a returned object with a modified prototype instance.” per report in NVD - CVE-2021-23413. The fix is provided in JSZip v.3.7.0.

1 Like


thanks for letting us know. I have passed this information on to the development team.


1 Like

Hi Guido. Do we have an update from the development team about this vulnerability?

@guido - Any updates on this?

@ramony I’ve logged this issue in our support portal. Here is the ticket:
Medium security severity vulnerability in JSZip - CVE-2021-23413. We can continue the discussion there.