CVE-2020-36560

Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
Configurations

Configuration 1 (hide)

cpe:2.3:a:go-unzip_project:go-unzip:*:*:*:*:*:go:*:*

History

21 Nov 2024, 05:29

Type Values Removed Values Added
References () https://github.com/artdarek/go-unzip/commit/4975cbe0a719dc50b12da8585f1f207c82f7dfe0 - Patch, Third Party Advisory () https://github.com/artdarek/go-unzip/commit/4975cbe0a719dc50b12da8585f1f207c82f7dfe0 - Patch, Third Party Advisory
References () https://github.com/artdarek/go-unzip/pull/2 - Exploit, Third Party Advisory () https://github.com/artdarek/go-unzip/pull/2 - Exploit, Third Party Advisory
References () https://pkg.go.dev/vuln/GO-2020-0034 - Third Party Advisory () https://pkg.go.dev/vuln/GO-2020-0034 - Third Party Advisory
References () https://snyk.io/research/zip-slip-vulnerability - Technical Description, Third Party Advisory () https://snyk.io/research/zip-slip-vulnerability - Technical Description, Third Party Advisory

08 Jun 2023, 21:15

Type Values Removed Values Added
Summary Due to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory. Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.

Information

Published : 2022-12-27 22:15

Updated : 2024-11-21 05:29


NVD link : CVE-2020-36560

Mitre link : CVE-2020-36560

CVE.ORG link : CVE-2020-36560


JSON object : View

Products Affected

go-unzip_project

  • go-unzip
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')