data/reports/GO-2022-1114.yaml - vulndb - Git at Google

 modules:
   - module: github.com/duke-git/lancet
     versions:
       - fixed: 1.3.4
     vulnerable_at: 1.3.3
     packages:
       - package: github.com/duke-git/lancet/fileutil
         symbols:
           - UnZip
   - module: github.com/duke-git/lancet/v2
     versions:
       - introduced: 2.0.0
         fixed: 2.1.10
     vulnerable_at: 2.1.9
     packages:
       - package: github.com/duke-git/lancet/v2/fileutil
         symbols:
           - UnZip
 description: A ZipSlip vulnerability exists when using the fileutil package to unzip
     files.
 cves:
   - CVE-2022-41920
 ghsas:
   - GHSA-pp3f-xrw5-q5j4
 references:
   - report: https://github.com/duke-git/lancet/issues/62
   - fix: https://github.com/duke-git/lancet/commit/f133b32faa05eb93e66175d01827afa4b7094572
   - fix: https://github.com/duke-git/lancet/commit/f869a0a67098e92d24ddd913e188b32404fa72c9
	modules:
	- module: github.com/duke-git/lancet
	versions:
	- fixed: 1.3.4
	vulnerable_at: 1.3.3
	packages:
	- package: github.com/duke-git/lancet/fileutil
	symbols:
	- UnZip
	- module: github.com/duke-git/lancet/v2
	versions:
	- introduced: 2.0.0
	fixed: 2.1.10
	vulnerable_at: 2.1.9
	packages:
	- package: github.com/duke-git/lancet/v2/fileutil
	symbols:
	- UnZip
	description: A ZipSlip vulnerability exists when using the fileutil package to unzip
	files.
	cves:
	- CVE-2022-41920
	ghsas:
	- GHSA-pp3f-xrw5-q5j4
	references:
	- report: https://github.com/duke-git/lancet/issues/62
	- fix: https://github.com/duke-git/lancet/commit/f133b32faa05eb93e66175d01827afa4b7094572
	- fix: https://github.com/duke-git/lancet/commit/f869a0a67098e92d24ddd913e188b32404fa72c9