CVE-2020-7664

In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide.
References
Link Resource
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUNKNWONCAEZIP-570383 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:compression_and_archive_extensions_project:compression_and_archive_extensions_zip_project:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-06-23 19:38

Updated : 2024-02-28 17:47


NVD link : CVE-2020-7664

Mitre link : CVE-2020-7664

CVE.ORG link : CVE-2020-7664


JSON object : View

Products Affected

compression_and_archive_extensions_project

  • compression_and_archive_extensions_zip_project
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')