Go modules package
github.com/mholt/archiver
pkg:golang/github.com/mholt/archiver
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-3445 | Hig | 8.1 | <= 3.5.1 | — | Apr 13, 2025 | A Path Traversal "Zip Slip" vulnerability has been identified in mholt/archiver in Go. This vulnerability allows using a crafted ZIP file containing path traversal symlinks to create or overwrite files with the user's privileges or application utilizing the library. When using t | |
| CVE-2024-0406 | — | >= 3.0.0, <= 3.5.1 | — | Apr 6, 2024 | A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or applic | ||
| CVE-2019-10743 | — | >= 3.0.0, < 3.3.2 | 3.3.2 | Oct 28, 2019 | All versions of archiver allow attacker to perform a Zip Slip attack via the "unarchive" functions. It is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target extracti | ||
| CVE-2018-1002207 | Med | 5.5 | < 2.1.0 | 2.1.0 | Jul 25, 2018 | mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known |
- affected <= 3.5.1
A Path Traversal "Zip Slip" vulnerability has been identified in mholt/archiver in Go. This vulnerability allows using a crafted ZIP file containing path traversal symlinks to create or overwrite files with the user's privileges or application utilizing the library. When using t
- CVE-2024-0406Apr 6, 2024affected >= 3.0.0, <= 3.5.1
A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or applic
- CVE-2019-10743Oct 28, 2019affected >= 3.0.0, < 3.3.2fixed 3.3.2
All versions of archiver allow attacker to perform a Zip Slip attack via the "unarchive" functions. It is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target extracti
- affected < 2.1.0fixed 2.1.0
mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known