| id: GO-2021-0106 |
| modules: |
| - module: github.com/whyrusleeping/tar-utils |
| versions: |
| - fixed: 0.0.0-20201201191210-20a61371de5b |
| vulnerable_at: 0.0.0-20201201182126-c528cc7df19d |
| packages: |
| - package: github.com/whyrusleeping/tar-utils |
| symbols: |
| - Extractor.outputPath |
| derived_symbols: |
| - Extractor.Extract |
| summary: Path traversal in github.com/whyrusleeping/tar-utils |
| description: |- |
| Due to improper path sanitization, archives containing relative file paths can |
| cause files to be written (or overwritten) outside of the target directory. |
| published: 2021-07-28T18:08:05Z |
| ghsas: |
| - GHSA-jpf8-h7h7-3ppm |
| references: |
| - fix: https://github.com/whyrusleeping/tar-utils/commit/20a61371de5b51380bbdb0c7935b30b0625ac227 |
| - web: https://snyk.io/research/zip-slip-vulnerability |
| cve_metadata: |
| id: CVE-2020-36566 |
| cwe: 'CWE 22: Improper Limitation of a Pathname to a Restricted Directory (''Path Traversal'')' |
| review_status: REVIEWED |