blob: fb09ecfe120540313adc16c3b06881072d43df81 [file] [log] [blame]
id: GO-2021-0106
modules:
- module: github.com/whyrusleeping/tar-utils
versions:
- fixed: 0.0.0-20201201191210-20a61371de5b
vulnerable_at: 0.0.0-20201201182126-c528cc7df19d
packages:
- package: github.com/whyrusleeping/tar-utils
symbols:
- Extractor.outputPath
derived_symbols:
- Extractor.Extract
summary: Path traversal in github.com/whyrusleeping/tar-utils
description: |-
Due to improper path sanitization, archives containing relative file paths can
cause files to be written (or overwritten) outside of the target directory.
published: 2021-07-28T18:08:05Z
ghsas:
- GHSA-jpf8-h7h7-3ppm
references:
- fix: https://github.com/whyrusleeping/tar-utils/commit/20a61371de5b51380bbdb0c7935b30b0625ac227
- web: https://snyk.io/research/zip-slip-vulnerability
cve_metadata:
id: CVE-2020-36566
cwe: 'CWE 22: Improper Limitation of a Pathname to a Restricted Directory (''Path Traversal'')'
review_status: REVIEWED