Lucene search
Veracode Vulnerability DatabaseVERACODE:25760HistoryJun 25, 2020 - 3:10 a.m.
Arbitrary File Write
2020-06-2503:10:06
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
18
EPSS
0.001
Percentile
40.0%
github.com/sassoftware/go-rpmutils is vulnerable to arbitrary file write. The vulnerability exists as the extract function in cpio/extract_test.go does not restrict the filepath path to the dest, allowing extraction outside the permitted cpio path.
Related
nvd
nvd
CVE-2020-7667
2020-06-24 12:15:12
github
github
osv
osv
github.com/sassoftware/go-rpmutils Arbitrary File Write via Archive Extraction (Zip Slip)
2021-06-23 17:13:29
CVE-2020-7667
2020-06-24 12:15:12
cve
cve
CVE-2020-7667
2020-06-24 12:15:12
cvelist
cvelist
CVE-2020-7667 Arbitrary File Write via Archive Extraction (Zip Slip)
2020-06-24 12:00:15
prion
prion
Design/Logic Flaw
2020-06-24 12:15:00
ibm
ibm