reports/GO-2020-0041.toml - vulndb - Git at Google

 module = "github.com/unknwon/cae"
 package = "github.com/unknwon/cae/tz"

 description = """
 Malicious Zip and Tar archives can be crafted that contain relative
 file paths, such that arbitary files outside of the target directory
 may be overwritten.
 """

 cve = "CVE-2020-7668"

 symbols = ["TzArchive.syncFiles", "TzArchive.ExtractToFunc"]

 published = "2021-04-14T12:00:00Z"

 [[versions]]
 fixed = "v1.0.1"

 [[additional_packages]]
 module = "github.com/unknwon/cae"
 package = "github.com/unknwon/cae/zip"
 symbols = ["ZipArchive.Open", "ZipArchive.ExtractToFunc"]
 [[additional_packages.versions]]
 fixed = "v1.0.1"

 [links]
 commit = "https://github.com/unknwon/cae/commit/07971c00a1bfd9dc171c3ad0bfab5b67c2287e11"
 context = ["https://snyk.io/research/zip-slip-vulnerability"]
	module = "github.com/unknwon/cae"
	package = "github.com/unknwon/cae/tz"

	description = """
	Malicious Zip and Tar archives can be crafted that contain relative
	file paths, such that arbitary files outside of the target directory
	may be overwritten.
	"""

	cve = "CVE-2020-7668"

	symbols = ["TzArchive.syncFiles", "TzArchive.ExtractToFunc"]

	published = "2021-04-14T12:00:00Z"

	[[versions]]
	fixed = "v1.0.1"

	[[additional_packages]]
	module = "github.com/unknwon/cae"
	package = "github.com/unknwon/cae/zip"
	symbols = ["ZipArchive.Open", "ZipArchive.ExtractToFunc"]
	[[additional_packages.versions]]
	fixed = "v1.0.1"

	[links]
	commit = "https://github.com/unknwon/cae/commit/07971c00a1bfd9dc171c3ad0bfab5b67c2287e11"
	context = ["https://snyk.io/research/zip-slip-vulnerability"]