blob: b2360ad294049043e9bf3822dbc52b7d1de5e45a [file] [log] [blame]
modules:
- module: github.com/duke-git/lancet
versions:
- fixed: 1.3.4
vulnerable_at: 1.3.3
packages:
- package: github.com/duke-git/lancet/fileutil
symbols:
- UnZip
- module: github.com/duke-git/lancet/v2
versions:
- introduced: 2.0.0
fixed: 2.1.10
vulnerable_at: 2.1.9
packages:
- package: github.com/duke-git/lancet/v2/fileutil
symbols:
- UnZip
summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
description: A ZipSlip vulnerability exists when using the fileutil package to unzip
files.
cves:
- CVE-2022-41920
ghsas:
- GHSA-pp3f-xrw5-q5j4
references:
- report: https://github.com/duke-git/lancet/issues/62
- fix: https://github.com/duke-git/lancet/commit/f133b32faa05eb93e66175d01827afa4b7094572
- fix: https://github.com/duke-git/lancet/commit/f869a0a67098e92d24ddd913e188b32404fa72c9