Critical severity9.8NVD Advisory· Published Aug 8, 2021· Updated Jun 17, 2026
CVE-2021-38197
CVE-2021-38197
Description
unarr.go in go-unarr (aka Go bindings for unarr) 0.1.1 allows Directory Traversal via ../ in a pathname within a TAR archive.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/gen2brain/go-unarrGo | < 0.1.4 | 0.1.4 |
Affected products
2- go-unarr/go-unarrdescription
Patches
Vulnerability mechanics
References
6- github.com/gen2brain/go-unarr/issues/21nvdExploitIssue TrackingThird Party AdvisoryWEB
- github.com/advisories/GHSA-v9j4-cp63-qv62ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-38197ghsaADVISORY
- github.com/gen2brain/go-unarrghsaPACKAGE
- github.com/gen2brain/go-unarr/commit/239ec404d348280b50bbf671327709e8857fc5f4ghsaWEB
- github.com/gen2brain/go-unarr/releases/tag/v0.1.4ghsaWEB
News mentions
0No linked articles in our index yet.