CVE-2026-24884

Arch (Node.js Library) · Compressing

A vulnerability in the 'Compressing' Node.js library could allow arbitrary file manipulation while an archive is being compressed or decompressed.

Executive summary

The 'Compressing' library for Node.js contains a high-severity vulnerability that could allow an attacker who supplies an archive to perform unauthorized file writes on the host that processes it.

Vulnerability

The available details point to a path traversal ("Zip Slip") flaw in the compression/decompression functions. In this class of bug an entry name inside the archive (for example one containing "../" segments or an absolute path) is joined to the extraction directory without checking that the resulting path still lies inside it, so a crafted archive can write files to any location the process is allowed to write. If the application extracts user-uploaded archives, the attacker needs no credentials beyond whatever the upload endpoint itself requires.

Business impact

A CVSS score of 8.4 reflects a high risk of Remote Code Execution (RCE) or system takeover. By overwriting application code (for example a JavaScript module the process later loads), start-up scripts or other files the host executes, an attacker can gain persistent access to the server, leading to data theft and significant operational impact. The writes are bounded by the privileges of the Node.js process that performs the extraction, so the account it runs under sets the ceiling of the impact.

Remediation

Immediate Action: Developers should update the 'Compressing' dependency in their package.json to the latest secure version and redeploy affected applications. Run `npm ls compressing` to find every copy in the dependency tree, including transitive ones pulled in by other packages, since a direct upgrade does not fix a nested copy.

Proactive Monitoring: Audit application code that extracts archives to confirm that each entry's destination is resolved against the extraction directory and rejected if it falls outside it (absolute names, ".." segments, backslash separators and symlink entries included) before anything is written to disk.

Compensating Controls: Run Node.js applications as an unprivileged user in a restricted environment (e.g., containers with read-only file systems where possible) and extract untrusted archives into a dedicated, empty directory, so that an unauthorized write cannot reach application code or system files.

Exploitation status

Public Exploit Available: false

Analyst recommendation

We strongly recommend that development teams audit their Node.js projects for the 'Compressing' library, including copies pulled in as transitive dependencies, and update it immediately. An unpatched copy that processes untrusted archives leaves the server exposed to full system compromise via malicious file uploads.