VYPR

Go modules package

github.com/sassoftware/go-rpmutils

pkg:golang/github.com/sassoftware/go-rpmutils

Vulnerabilities (1)

  • CVE-2020-7667HigJun 24, 2020
    affected < 0.1.0fixed 0.1.0

    In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading ".." which leads in file extraction outside of the current directory. Note: the fixing commit wa