VYPR

Go modules package

github.com/unknwon/cae

pkg:golang/github.com/unknwon/cae

Vulnerabilities (2)

  • CVE-2020-7668HigJun 23, 2020
    affected < 1.0.1fixed 1.0.1

    In all versions of the package github.com/unknwon/cae/tz, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide.

  • CVE-2020-7664HigJun 23, 2020
    affected < 1.0.1fixed 1.0.1

    In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide.