reports/GO-2020-0034.toml - vulndb - Git at Google

 module = "github.com/artdarek/go-unzip"

 description = """
 Malicious Zip archives can be crafted that contain relative file paths,
 such that arbitary files outside of the target directory may be overwritten.
 """

 symbols = ["Unzip.Extract"]

 published = "2021-04-14T12:00:00Z"

 [[versions]]
 fixed = "v1.0.0"

 [links]
 commit = "https://github.com/artdarek/go-unzip/commit/4975cbe0a719dc50b12da8585f1f207c82f7dfe0"
 pr = "https://github.com/artdarek/go-unzip/pull/2"
 context = ["https://snyk.io/research/zip-slip-vulnerability"]
	module = "github.com/artdarek/go-unzip"

	description = """
	Malicious Zip archives can be crafted that contain relative file paths,
	such that arbitary files outside of the target directory may be overwritten.
	"""

	symbols = ["Unzip.Extract"]

	published = "2021-04-14T12:00:00Z"

	[[versions]]
	fixed = "v1.0.0"

	[links]
	commit = "https://github.com/artdarek/go-unzip/commit/4975cbe0a719dc50b12da8585f1f207c82f7dfe0"
	pr = "https://github.com/artdarek/go-unzip/pull/2"
	context = ["https://snyk.io/research/zip-slip-vulnerability"]