blob: 8558ab6d7e5afd7c19affe0bb6f6586d10912046 [file] [log] [blame]
id: GO-2020-0025
modules:
- module: code.cloudfoundry.org/archiver
versions:
- fixed: 0.0.0-20180523222229-09b5706aa936
vulnerable_at: 0.0.0-20170223024658-7291196139d7
packages:
- package: code.cloudfoundry.org/archiver/extractor
symbols:
- extractTarArchiveFile
- extractZipArchiveFile
derived_symbols:
- detectableExtractor.Extract
- tarExtractor.Extract
- tgzExtractor.Extract
- zipExtractor.Extract
summary: Path traversal in code.cloudfoundry.org/archiver
description: |-
Due to improper path sanitization, archives containing relative file paths can
cause files to be written (or overwritten) outside of the target directory.
published: 2021-04-14T20:04:52Z
ghsas:
- GHSA-32qh-8vg6-9g43
references:
- fix: https://github.com/cloudfoundry/archiver/commit/09b5706aa9367972c09144a450bb4523049ee840
- web: https://snyk.io/research/zip-slip-vulnerability
cve_metadata:
id: CVE-2018-25046
cwe: 'CWE 29: Path Traversal: "\..\filename"'
review_status: REVIEWED