blob: 33bc1f9574b46b8fbbdc9ac0fa5e88c4927b1d8c [file] [log] [blame]
module: github.com/unknwon/cae
package: github.com/unknwon/cae/tz
additional_packages:
# CVE-2020-7664
- module: github.com/unknwon/cae
package: github.com/unknwon/cae/zip
symbols:
- ZipArchive.Open
- ZipArchive.ExtractToFunc
versions:
- fixed: v1.0.1
versions:
- fixed: v1.0.1
description: |
Due to improper path santization, archives containing relative file
paths can cause files to be written (or overwritten) outside of the
target directory.
published: 2021-04-14T12:00:00Z
cve: CVE-2020-7668
symbols:
- TzArchive.syncFiles
- TzArchive.ExtractToFunc
links:
commit: https://github.com/unknwon/cae/commit/07971c00a1bfd9dc171c3ad0bfab5b67c2287e11
context:
- https://snyk.io/research/zip-slip-vulnerability