reports/GO-2020-0034.yaml - vulndb - Git at Google

 module: github.com/artdarek/go-unzip
 versions:
 - fixed: v1.0.0
 description: |
   Malicious Zip archives can be crafted that contain relative file paths,
   such that arbitary files outside of the target directory may be overwritten.
 published: 2021-04-14T12:00:00Z
 symbols:
 - Unzip.Extract
 links:
   pr: https://github.com/artdarek/go-unzip/pull/2
   commit: https://github.com/artdarek/go-unzip/commit/4975cbe0a719dc50b12da8585f1f207c82f7dfe0
   context:
   - https://snyk.io/research/zip-slip-vulnerability
	module: github.com/artdarek/go-unzip
	versions:
	- fixed: v1.0.0
	description: \|
	Malicious Zip archives can be crafted that contain relative file paths,
	such that arbitary files outside of the target directory may be overwritten.
	published: 2021-04-14T12:00:00Z
	symbols:
	- Unzip.Extract
	links:
	pr: https://github.com/artdarek/go-unzip/pull/2
	commit: https://github.com/artdarek/go-unzip/commit/4975cbe0a719dc50b12da8585f1f207c82f7dfe0
	context:
	- https://snyk.io/research/zip-slip-vulnerability