reports/GO-2020-0042.yaml - vulndb - Git at Google

 module: github.com/sassoftware/go-rpmutils
 package: github.com/sassoftware/go-rpmutils/cpio
 versions:
   - fixed: v0.1.0
 description: |
     Due to improper path santization, RPMs containing relative file
     paths can cause files to be written (or overwritten) outside of the
     target directory.
 cves:
   - CVE-2020-7667
 symbols:
   - Extract
 links:
     commit: https://github.com/sassoftware/go-rpmutils/commit/a64058cf21b8aada501bba923c9aab66fb6febf0
     context:
       - https://snyk.io/research/zip-slip-vulnerability
	module: github.com/sassoftware/go-rpmutils
	package: github.com/sassoftware/go-rpmutils/cpio
	versions:
	- fixed: v0.1.0
	description: \|
	Due to improper path santization, RPMs containing relative file
	paths can cause files to be written (or overwritten) outside of the
	target directory.
	cves:
	- CVE-2020-7667
	symbols:
	- Extract
	links:
	commit: https://github.com/sassoftware/go-rpmutils/commit/a64058cf21b8aada501bba923c9aab66fb6febf0
	context:
	- https://snyk.io/research/zip-slip-vulnerability