data/reports/GO-2022-1114.yaml - vulndb - Git at Google

 id: GO-2022-1114
 modules:
     - module: github.com/duke-git/lancet
       versions:
         - fixed: 1.3.4
       vulnerable_at: 1.3.3
       packages:
         - package: github.com/duke-git/lancet/fileutil
           symbols:
             - UnZip
     - module: github.com/duke-git/lancet/v2
       versions:
         - introduced: 2.0.0
           fixed: 2.1.10
       vulnerable_at: 2.1.9
       packages:
         - package: github.com/duke-git/lancet/v2/fileutil
           symbols:
             - UnZip
 summary: ZipSlip when unzipping files in github.com/duke-git/lancet
 description: A ZipSlip vulnerability exists when using the fileutil package to unzip files.
 cves:
     - CVE-2022-41920
 ghsas:
     - GHSA-pp3f-xrw5-q5j4
 references:
     - report: https://github.com/duke-git/lancet/issues/62
     - fix: https://github.com/duke-git/lancet/commit/f133b32faa05eb93e66175d01827afa4b7094572
     - fix: https://github.com/duke-git/lancet/commit/f869a0a67098e92d24ddd913e188b32404fa72c9
	id: GO-2022-1114
	modules:
	- module: github.com/duke-git/lancet
	versions:
	- fixed: 1.3.4
	vulnerable_at: 1.3.3
	packages:
	- package: github.com/duke-git/lancet/fileutil
	symbols:
	- UnZip
	- module: github.com/duke-git/lancet/v2
	versions:
	- introduced: 2.0.0
	fixed: 2.1.10
	vulnerable_at: 2.1.9
	packages:
	- package: github.com/duke-git/lancet/v2/fileutil
	symbols:
	- UnZip
	summary: ZipSlip when unzipping files in github.com/duke-git/lancet
	description: A ZipSlip vulnerability exists when using the fileutil package to unzip files.
	cves:
	- CVE-2022-41920
	ghsas:
	- GHSA-pp3f-xrw5-q5j4
	references:
	- report: https://github.com/duke-git/lancet/issues/62
	- fix: https://github.com/duke-git/lancet/commit/f133b32faa05eb93e66175d01827afa4b7094572
	- fix: https://github.com/duke-git/lancet/commit/f869a0a67098e92d24ddd913e188b32404fa72c9