blob: 4ef4094eff9b6990536ff45804b6291d5198e401 [file] [log] [blame]
module: github.com/unknwon/cae
package: github.com/unknwon/cae/tz
additional_packages:
- module: github.com/unknwon/cae
package: github.com/unknwon/cae/zip
symbols:
- ZipArchive.Open
- ZipArchive.ExtractToFunc
derived_symbols:
- Create
- ExtractTo
- ExtractToFunc
- Open
- OpenFile
- ZipArchive.Close
- ZipArchive.ExtractTo
- ZipArchive.Flush
versions:
- fixed: v1.0.1
versions:
- fixed: v1.0.1
description: |
Due to improper path santization, archives containing relative file
paths can cause files to be written (or overwritten) outside of the
target directory.
cves:
- CVE-2020-7668
symbols:
- TzArchive.syncFiles
- TzArchive.ExtractToFunc
derived_symbols:
- Create
- ExtractTo
- Open
- OpenFile
- TzArchive.Close
- TzArchive.ExtractTo
- TzArchive.Flush
- TzArchive.Open
links:
commit: https://github.com/unknwon/cae/commit/07971c00a1bfd9dc171c3ad0bfab5b67c2287e11
context:
- https://snyk.io/research/zip-slip-vulnerability