VYPR

Go modules package

github.com/mholt/archiver/v3

pkg:golang/github.com/mholt/archiver/v3

Vulnerabilities (2)

  • CVE-2025-3445HigApr 13, 2025
    affected <= 3.5.1

    A Path Traversal "Zip Slip" vulnerability has been identified in mholt/archiver in Go. This vulnerability allows using a crafted ZIP file containing path traversal symlinks to create or overwrite files with the user's privileges or application utilizing the library. When using t

  • CVE-2024-0406Apr 6, 2024
    affected >= 3.0.0, <= 3.5.1

    A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or applic