reports/GO-2020-0042.yaml - vulndb - Git at Google

 module: github.com/sassoftware/go-rpmutils
 package: github.com/sassoftware/go-rpmutils/cpio
 versions:
 - fixed: v0.1.0
 description: |
   Malicious RPM archives can be crafted that contain relative
   file paths, such that arbitary files outside of the target directory
   may be overwritten.
 published: 2021-04-14T12:00:00Z
 cve: CVE-2020-7667
 symbols:
 - Extract
 links:
   commit: https://github.com/sassoftware/go-rpmutils/commit/a64058cf21b8aada501bba923c9aab66fb6febf0
   context:
   - https://snyk.io/research/zip-slip-vulnerability
	module: github.com/sassoftware/go-rpmutils
	package: github.com/sassoftware/go-rpmutils/cpio
	versions:
	- fixed: v0.1.0
	description: \|
	Malicious RPM archives can be crafted that contain relative
	file paths, such that arbitary files outside of the target directory
	may be overwritten.
	published: 2021-04-14T12:00:00Z
	cve: CVE-2020-7667
	symbols:
	- Extract
	links:
	commit: https://github.com/sassoftware/go-rpmutils/commit/a64058cf21b8aada501bba923c9aab66fb6febf0
	context:
	- https://snyk.io/research/zip-slip-vulnerability