CVE-2020-36561

Summary

Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.

Affected Software

VendorProductVersion RangeStatus
github.com/yi-ge/unzipgithub.com/yi-ge/unzip0 < 1.0.3-0.20200308084313-2adbaa4891b9affected

Weaknesses

  • CWE 29: Path Traversal: "..\filename"

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References