CVE-2020-36566

Summary

Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.

Affected Software

VendorProductVersion RangeStatus
github.com/whyrusleeping/tar-utilsgithub.com/whyrusleeping/tar-utils0 < 0.0.0-20201201191210-20a61371de5baffected

Weaknesses

  • CWE 22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References