Количество 3
Количество 3
CVE-2024-47877
Extract is aA Go library to extract archives in zip, tar.gz or tar.bz2 formats. A maliciously crafted archive may allow an attacker to create a symlink outside the extraction target directory. This vulnerability is fixed in 4.0.0. If you're using the Extractor.FS interface, then upgrading to /v4 will require to implement the new methods that have been added.
GHSA-8rm2-93mq-jqhc
Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory.
SUSE-SU-2024:3911-1
Security update for govulncheck-vulndb
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-47877 Extract is aA Go library to extract archives in zip, tar.gz or tar.bz2 formats. A maliciously crafted archive may allow an attacker to create a symlink outside the extraction target directory. This vulnerability is fixed in 4.0.0. If you're using the Extractor.FS interface, then upgrading to /v4 will require to implement the new methods that have been added. | CVSS3: 7.5 | 1% Низкий | больше 1 года назад |
| GHSA-8rm2-93mq-jqhc Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory. | CVSS3: 5.3 | 1% Низкий | больше 1 года назад |
 | SUSE-SU-2024:3911-1 Security update for govulncheck-vulndb | больше 1 года назад |
Уязвимостей на страницу