CVE-2020-7668

In all versions of the package github.com/unknwon/cae/tz, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide.
References
Link Resource
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUNKNWONCAETZ-570384 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:compression_and_archive_extensions_tz_project:compression_and_archive_extensions_tz_project:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-06-23 19:38

Updated : 2024-02-28 17:47


NVD link : CVE-2020-7668

Mitre link : CVE-2020-7668

CVE.ORG link : CVE-2020-7668


JSON object : View

Products Affected

compression_and_archive_extensions_tz_project

  • compression_and_archive_extensions_tz_project
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')