GitHub Advisory Database: GHSA-V9J4-CP63-QV62
Sep 01, 2021 - 6:32 p.m.

Tarslip in go-unarr

Published: 2021-09-01 18:32:02
CWE-22
Source: GitHub Advisory Database (github.com)
Tags: tarslip, vulnerability, unarr.go, directory traversal, tar archive, software

CVSS2: 10
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 9.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.002
Percentile: 61.6%

unarr.go in go-unarr (aka Go bindings for unarr) 0.1.1 allows Directory Traversal via ../ in a pathname within a TAR archive.

Affected configurations

Vulners
Node: gen2brain go-unarr, Range: <0.1.4
Vendor: gen2brain
Product: go-unarr
Version: *
CPE: cpe:2.3:a:gen2brain:go-unarr:*:*:*:*:*:*:*:*
