CVE-2020-36560

Summary

Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.

Affected Software

VendorProductVersion RangeStatus
github.com/artdarek/go-unzipgithub.com/artdarek/go-unzip0 < 1.0.0affected

Weaknesses

  • CWE 29: Path Traversal: "..\filename"

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References