Medium severity6.3NVD Advisory· Published Nov 17, 2022· Updated Jun 17, 2026
CVE-2022-41920
CVE-2022-41920
Description
Lancet is a general utility library for the go programming language. Affected versions are subject to a ZipSlip issue when using the fileutil package to unzip files. This issue has been addressed and a fix will be included in versions 2.1.10 and 1.3.4. Users are advised to upgrade. There are no known workarounds for this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/duke-git/lancet/v2Go | >= 2.0.0, < 2.1.10 | 2.1.10 |
github.com/duke-git/lancetGo | < 1.3.4 | 1.3.4 |
Affected products
3- ghsa-coords2 versions
< 1.3.4+ 1 more
- (no CPE)range: < 1.3.4
- (no CPE)range: >= 2.0.0, < 2.1.10
- duke-git/lancetv5Range: < 1.3.4
Patches
Vulnerability mechanics
References
7- github.com/duke-git/lancet/commit/f133b32faa05eb93e66175d01827afa4b7094572nvdPatchThird Party AdvisoryWEB
- github.com/duke-git/lancet/commit/f869a0a67098e92d24ddd913e188b32404fa72c9nvdPatchThird Party AdvisoryWEB
- github.com/duke-git/lancet/security/advisories/GHSA-pp3f-xrw5-q5j4nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-pp3f-xrw5-q5j4ghsaADVISORY
- github.com/duke-git/lancet/issues/62nvdIssue TrackingThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2022-41920ghsaADVISORY
- pkg.go.dev/vuln/GO-2022-1114ghsaWEB
News mentions
0No linked articles in our index yet.