CVE-2020-7664
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:U/RC:C
Summary
In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | github.com/unknwon/cae/zip | 0 < unspecified | affected |
Weaknesses
- Arbitrary File Write via Archive Extraction (Zip Slip)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.