Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:25747
HistoryJun 23, 2020 - 11:01 p.m.

Arbitrary File Write

2020-06-2323:01:18
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12

EPSS

0.001

Percentile

43.5%

JSON

github.com/unknwon/cae/zip is vulnerable to arbitrary file write (Zip-slip) vulnerability. Lack of sanitization of zip archives file path destPath in the function ExtractToFunc for file names with leading or non-leading “…” allows malicious user to perform rewriting of files system-wide.

Related

github 1
prion 1
nvd 1
osv 2
cvelist 1
ubuntucve 1
cve 1
github
github
Path Traversal in github.com/unknwon/cae/zip
2021-05-18 20:31:06
prion
prion
Code injection
2020-06-23 19:38:00
nvd
nvd
CVE-2020-7664
2020-06-23 19:38:14
osv
osv
Path traversal in github.com/unknwon/cae
2022-01-14 17:30:28
Path Traversal in github.com/unknwon/cae/zip
2021-05-18 20:31:06
cvelist
cvelist
CVE-2020-7664 Arbitrary File Write via Archive Extraction (Zip Slip)
2020-06-17 16:00:17
ubuntucve
ubuntucve
CVE-2020-7664
2020-06-23 00:00:00
cve
cve
CVE-2020-7664
2020-06-23 19:38:14

EPSS

0.001

Percentile

43.5%

JSON
Related for VERACODE:25747
github1prion1nvd1osv2cvelist1ubuntucve1cve1