Описание
go-used-util has commonly used utility functions for Go. Versions prior to 0.0.34 have a ZipSlip issue when using fsutil package to unzip files. When users use zip.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. The issue has been fixed in version 0.0.34. There are no known workarounds.
Ссылки
- Patch
- Third Party Advisory
- Patch
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.0.34 (исключая)
cpe:2.3:a:go-huge-util_project:go-huge-util:*:*:*:*:*:go:*:*
EPSS
Процентиль: 32%
0.00123
Низкий
8.8 High
CVSS3
8.8 High
CVSS3
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 8.8
github
почти 3 года назад
Go-huge-util vulnerable to path traversal when unzipping files
EPSS
Процентиль: 32%
0.00123
Низкий
8.8 High
CVSS3
8.8 High
CVSS3
Дефекты
CWE-22