VYPR

Go modules package

github.com/mholt/archiver

pkg:golang/github.com/mholt/archiver

Vulnerabilities (4)

  • CVE-2025-3445HigApr 13, 2025
    affected <= 3.5.1

    A Path Traversal "Zip Slip" vulnerability has been identified in mholt/archiver in Go. This vulnerability allows using a crafted ZIP file containing path traversal symlinks to create or overwrite files with the user's privileges or application utilizing the library. When using t

  • CVE-2024-0406Apr 6, 2024
    affected >= 3.0.0, <= 3.5.1

    A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or applic

  • CVE-2019-10743Oct 28, 2019
    affected >= 3.0.0, < 3.3.2fixed 3.3.2

    All versions of archiver allow attacker to perform a Zip Slip attack via the "unarchive" functions. It is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target extracti

  • CVE-2018-1002207MedJul 25, 2018
    affected < 2.1.0fixed 2.1.0

    mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known