Описание
Goutil vulnerable to path traversal when unzipping files
Impact
ZipSlip issue when use fsutil package to unzip files. When users use fsutil.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal.
Patches
It has been fixed in v0.6.0, Please upgrade version to v0.6.0 or above.
Workarounds
No, users have to upgrade version.
Пакеты
Наименование
github.com/gookit/goutil
go
Затронутые версииВерсия исправления
< 0.6.0
0.6.0
Связанные уязвимости
CVSS3: 8.8
nvd
почти 3 года назад
Goutil is a collection of miscellaneous functionality for the go language. In versions prior to 0.6.0 when users use fsutil.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. This vulnerability is known as a ZipSlip. This issue has been fixed in version 0.6.0, users are advised to upgrade. There are no known workarounds for this issue.