Count: 2
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2020-7667: In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading ".." which leads to file extraction outside of the current directory. Note: the fixing commit was applied to all affected versions which were re-released. | CVSS3: 7.5 | 0% Low | more than 5 years ago |
| GHSA-9423-6c93-gpp8: github.com/sassoftware/go-rpmutils Arbitrary File Write via Archive Extraction (Zip Slip) | CVSS3: 7.5 | 0% Low | more than 4 years ago |