Lucene search
GoogleOSV:GHSA-VPX7-VM66-QX8RHistoryMay 18, 2021 - 8:31 p.m.
Path Traversal in github.com/unknwon/cae/zip
2021-05-1820:31:06
Google
osv.dev
8
path traversal
github.com/unknwon/cae/zip
extractto function
software vulnerability
EPSS
0.001
Percentile
43.5%
The ExtractTo function doesn’t securely escape file paths in zip archives which include leading or non-leading “…”. This allows an attacker to add or replace files system-wide.
Specific Go Packages Affected
Related
prion
prion
Code injection
2020-06-23 19:38:00
nvd
nvd
CVE-2020-7664
2020-06-23 19:38:14
osv
osv
Path traversal in github.com/unknwon/cae
2022-01-14 17:30:28
cvelist
cvelist
CVE-2020-7664 Arbitrary File Write via Archive Extraction (Zip Slip)
2020-06-17 16:00:17
github
github
Path Traversal in github.com/unknwon/cae/zip
2021-05-18 20:31:06
ubuntucve
ubuntucve
CVE-2020-7664
2020-06-23 00:00:00
veracode
veracode
Arbitrary File Write
2020-06-23 23:01:18
cve
cve
CVE-2020-7664
2020-06-23 19:38:14