Описание
In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:compression_and_archive_extensions_project:compression_and_archive_extensions_zip_project:*:*:*:*:*:*:*:*
EPSS
Процентиль: 57%
0.00346
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 7.5
ubuntu
больше 5 лет назад
In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide.
CVSS3: 7.5
debian
больше 5 лет назад
In all versions of the package github.com/unknwon/cae/zip, the Extract ...
EPSS
Процентиль: 57%
0.00346
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-22