blob: 8d37cb5cf423854a388f391c3183a7b90b3cd6ff [file] [log] [blame]
id: GO-2020-0034
modules:
- module: github.com/artdarek/go-unzip
versions:
- fixed: 1.0.0
vulnerable_at: 0.0.0-20180315101617-33dc05190e4b
packages:
- package: github.com/artdarek/go-unzip
symbols:
- Unzip.Extract
summary: Path traversal in github.com/artdarek/go-unzip
description: |-
Due to improper path sanitization, archives containing relative file paths can
cause files to be written (or overwritten) outside of the target directory.
published: 2021-04-14T20:04:52Z
ghsas:
- GHSA-rmj9-q58g-9qgg
references:
- fix: https://github.com/artdarek/go-unzip/pull/2
- fix: https://github.com/artdarek/go-unzip/commit/4975cbe0a719dc50b12da8585f1f207c82f7dfe0
- web: https://snyk.io/research/zip-slip-vulnerability
cve_metadata:
id: CVE-2020-36560
cwe: 'CWE 29: Path Traversal: "\..\filename"'
review_status: REVIEWED