Headline
GHSA-f5c5-hmw9-v8hx: Unzip vulnerable to path traversal
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
Package
gomod github.com/yi-ge/unzip (Go)
Affected versions
< 1.0.3-0.20200308084313-2adbaa4891b9
Patched versions
1.0.3-0.20200308084313-2adbaa4891b9
Related news
CVE-2020-36561: Merge pull request #1 from snoopysecurity/fix/santize-filename-paths · yi-ge/unzip@2adbaa4
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
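The containment check whose absence the advisory describes, as an added example in Go; it is not code from github.com/yi-ge/unzip or its patch. The function names (`safeTarget`, `sampleArchive`, `refusedEntries`), the `/tmp/extract` directory and the archive entries are constructed for illustration.

```go
package main

import (
	"archive/zip"
	"bytes"
	"fmt"
	"path/filepath"
	"strings"
)

// safeTarget maps an archive entry name to a path under dest and refuses any
// name whose cleaned path would land outside dest.
func safeTarget(dest, name string) (string, error) {
	target := filepath.Join(dest, name) // Join cleans the path, resolving "../"
	rel, err := filepath.Rel(dest, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("entry %q escapes %q", name, dest)
	}
	return target, nil
}

// sampleArchive builds a constructed in-memory zip mixing ordinary and climbing names.
func sampleArchive() []byte {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	for _, n := range []string{"docs/readme.txt", "../outside.txt", "a/../../outside2.txt", "..data/file"} {
		w.Create(n) // empty constructed entry
	}
	w.Close()
	return buf.Bytes()
}

// refusedEntries lists entries an extractor must skip; nothing is written to disk.
func refusedEntries(data []byte, dest string) ([]string, error) {
	r, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil {
		return nil, err
	}
	var refused []string
	for _, f := range r.File {
		if _, e := safeTarget(dest, f.Name); e != nil {
			refused = append(refused, f.Name)
		}
	}
	return refused, nil
}

func main() {
	fmt.Println(refusedEntries(sampleArchive(), "/tmp/extract"))
}
```

The check is lexical only: it does not account for symlinks that already exist under the target directory.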