blob: da5d0bd2e2afb650ac16a3f7b0ed0a124cc64118 [file] [log] [blame]
id: GO-2023-1611
modules:
- module: github.com/gookit/goutil
versions:
- fixed: 0.6.7
vulnerable_at: 0.6.6
packages:
- package: github.com/gookit/goutil/fsutil
symbols:
- Unzip
summary: Path traversal in github.com/gookit/goutil
description: |-
fsutil.Unzip is vulnerable to path traversal attacks due to improper validation
of paths.
cves:
- CVE-2023-27475
ghsas:
- GHSA-fx2v-qfhr-4chv
credits:
- '@cokeBeer'
references:
- advisory: https://github.com/gookit/goutil/security/advisories/GHSA-fx2v-qfhr-4chv
- fix: https://github.com/gookit/goutil/commit/d7b94fede71f018f129f7d21feb58c895d28dadc
review_status: REVIEWED