CVE-2020-7668

Summary

In all versions of the package github.com/unknwon/cae/tz, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide.

Affected Software

VendorProductVersion RangeStatus
n/agithub.com/unknwon/cae/tz0 < unspecifiedaffected

Weaknesses

  • Arbitrary File Write via Archive Extraction (Zip Slip)

ADP Enrichment

CVE Program Container

Additional References

References