High severity7.5NVD Advisory· Published Jun 23, 2020· Updated Jun 17, 2026
CVE-2020-7664
CVE-2020-7664
Description
In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/unknwon/caeGo | < 1.0.1 | 1.0.1 |
Affected products
2- unknwon/zipdescription
Patches
Vulnerability mechanics
References
5- snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUNKNWONCAEZIP-570383nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-vpx7-vm66-qx8rghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-7664ghsaADVISORY
- github.com/unknwon/cae/commit/07971c00a1bfd9dc171c3ad0bfab5b67c2287e11ghsaWEB
- pkg.go.dev/vuln/GO-2021-0228ghsaWEB
News mentions
0No linked articles in our index yet.