Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-41920: How to get in touch regarding a security concern? · Issue #62 · duke-git/lancet

Lancet is a general utility library for the go programming language. Affected versions are subject to a ZipSlip issue when using the fileutil package to unzip files. This issue has been addressed and a fix will be included in versions 2.1.10 and 1.3.4. Users are advised to upgrade. There are no known workarounds for this issue.

CVE
Open in Source
#git

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Related news

GHSA-pp3f-xrw5-q5j4: Lancet vulnerable to path traversal when unzipping files

### Impact What kind of vulnerability is it? Who is impacted? ZipSlip issue when use fileutil package to unzip files. ### Patches Has the problem been patched? What versions should users upgrade to? It will fixed in v2.1.10, Please upgrade version to v2.1.10 or above. Users who use v1.x.x should upgrade v1.3.4 or above. ### Workarounds Is there a way for users to fix or remediate the vulnerability without upgrading? No, users have to upgrade version.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE