Go modules package
github.com/unknwon/cae
pkg:golang/github.com/unknwon/cae
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-7668 | Hig | 7.5 | < 1.0.1 | 1.0.1 | Jun 23, 2020 | In all versions of the package github.com/unknwon/cae/tz, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide. | |
| CVE-2020-7664 | Hig | 7.5 | < 1.0.1 | 1.0.1 | Jun 23, 2020 | In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide. |
- affected < 1.0.1fixed 1.0.1
In all versions of the package github.com/unknwon/cae/tz, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide.
- affected < 1.0.1fixed 1.0.1
In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide.