Description
github.com/sassoftware/go-rpmutils Arbitrary File Write via Archive Extraction (Zip Slip)
The CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading ".." components, which leads to file extraction outside of the current directory. Note: the fixing commit was applied to all affected versions, which were re-released.
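The check an extractor needs before writing each entry, as an added Go example (not code from go-rpmutils or from its fixing commit). The function names, the `/tmp/out` destination and the entry names are constructed for illustration; paths assume a Unix-style separator.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// unsafeJoin mirrors the flawed pattern: the entry name is trusted as-is.
func unsafeJoin(dest, name string) string {
	return filepath.Join(dest, name)
}

// safeJoin returns the extraction target only if it stays under dest.
// It is a lexical check; symlinks already present under dest are not resolved.
func safeJoin(dest, name string) (string, error) {
	base := filepath.Clean(dest)
	target := filepath.Join(base, name) // Join also collapses "a/../.."
	rel, err := filepath.Rel(base, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("entry %q escapes %q", name, dest)
	}
	return target, nil
}

// rejected lists the entry names that safeJoin refuses for dest.
func rejected(dest string, names []string) []string {
	var bad []string
	for _, n := range names {
		if _, err := safeJoin(dest, n); err != nil {
			bad = append(bad, n)
		}
	}
	return bad
}

// Constructed entry names, not taken from a real archive.
var sampleNames = []string{
	"./usr/bin/tool",
	"../outside.txt",        // leading ".."
	"usr/../../outside.txt", // non-leading ".."
	"usr/lib/../bin/tool",   // ".." that stays inside dest
	"..data/config",         // starts with dots but is an ordinary name
}

func main() {
	fmt.Println("unsafe:", unsafeJoin("/tmp/out", sampleNames[2]))
	fmt.Println("rejected:", rejected("/tmp/out", sampleNames))
}
```

Comparing the relative path component by component, rather than matching the string `..` anywhere in the name, keeps legitimate names such as `..data/config` extractable.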
Packages
Name: github.com/sassoftware/go-rpmutils (go)
Affected versions: < 0.1.0
Fixed version: 0.1.0
Related vulnerabilities
CVSS3: 7.5
nvd
more than 5 years ago
In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading ".." which leads to file extraction outside of the current directory. Note: the fixing commit was applied to all affected versions which were re-released.