VYPR
Medium severity6.3NVD Advisory· Published Nov 17, 2022· Updated Jun 17, 2026

CVE-2022-41920

CVE-2022-41920

Description

Lancet is a general utility library for the go programming language. Affected versions are subject to a ZipSlip issue when using the fileutil package to unzip files. This issue has been addressed and a fix will be included in versions 2.1.10 and 1.3.4. Users are advised to upgrade. There are no known workarounds for this issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/duke-git/lancet/v2Go
>= 2.0.0, < 2.1.102.1.10
github.com/duke-git/lancetGo
< 1.3.41.3.4

Affected products

3

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.