reports/GO-2020-0035.yaml - vulndb - Git at Google

 module: github.com/yi-ge/unzip
 versions:
 - fixed: v1.0.3-0.20200308084313-2adbaa4891b9
 description: |
   Malicious Zip archives can be crafted that contain relative file paths,
   such that arbitary files outside of the target directory may be overwritten.
 published: 2021-04-14T12:00:00Z
 symbols:
 - Unzip.Extract
 links:
   pr: https://github.com/yi-ge/unzip/pull/1
   commit: https://github.com/yi-ge/unzip/commit/2adbaa4891b9690853ef10216189189f5ad7dc73
   context:
   - https://snyk.io/research/zip-slip-vulnerability
	module: github.com/yi-ge/unzip
	versions:
	- fixed: v1.0.3-0.20200308084313-2adbaa4891b9
	description: \|
	Malicious Zip archives can be crafted that contain relative file paths,
	such that arbitary files outside of the target directory may be overwritten.
	published: 2021-04-14T12:00:00Z
	symbols:
	- Unzip.Extract
	links:
	pr: https://github.com/yi-ge/unzip/pull/1
	commit: https://github.com/yi-ge/unzip/commit/2adbaa4891b9690853ef10216189189f5ad7dc73
	context:
	- https://snyk.io/research/zip-slip-vulnerability