Go modules package
github.com/sassoftware/go-rpmutils
pkg:golang/github.com/sassoftware/go-rpmutils
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-7667 | Hig | 7.5 | < 0.1.0 | 0.1.0 | Jun 24, 2020 | In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading ".." which leads in file extraction outside of the current directory. Note: the fixing commit wa |
- affected < 0.1.0fixed 0.1.0
In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading ".." which leads in file extraction outside of the current directory. Note: the fixing commit wa