High severity8.8NVD Advisory· Published Mar 7, 2023· Updated Jun 17, 2026
CVE-2023-27475
CVE-2023-27475
Description
Goutil is a collection of miscellaneous functionality for the go language. In versions prior to 0.6.0 when users use fsutil.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. This vulnerability is known as a ZipSlip. This issue has been fixed in version 0.6.0, users are advised to upgrade. There are no known workarounds for this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/gookit/goutilGo | < 0.6.0 | 0.6.0 |
Affected products
2Patches
Vulnerability mechanics
References
7- github.com/gookit/goutil/commit/d7b94fede71f018f129f7d21feb58c895d28dadcnvdPatchWEB
- github.com/advisories/GHSA-fx2v-qfhr-4chvghsaADVISORY
- github.com/gookit/goutil/security/advisories/GHSA-fx2v-qfhr-4chvnvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2023-27475ghsaADVISORY
- pkg.go.dev/vuln/GO-2023-1611ghsaWEB
- security.netapp.com/advisory/ntap-20230427-0003ghsaWEB
- security.netapp.com/advisory/ntap-20230427-0003/nvd
News mentions
0No linked articles in our index yet.