Lucene search

GoogleOSV:CVE-2023-28105

HistoryMar 16, 2023 - 5:15 p.m.

CVE-2023-28105

2023-03-1617:15:09

Google

osv.dev

cve-2023-28105

fsutil

zipslip

path traversal

security

vulnerability

unzip

malicious attacker

fix

version 0.0.34

software

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.4%

JSON

go-used-util has commonly used utility functions for Go. Versions prior to 0.0.34 have a ZipSlip issue when using fsutil package to unzip files. When users use zip.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. The issue has been fixed in version 0.0.34. There are no known workarounds.

CPENameOperatorVersion
cyaneq0.0.28
cyaneq0.0.13
cyaneq0.0.30
cyaneq0.0.9
cyaneq0.0.11
cyaneq0.0.14
cyaneq0.0.6
cyaneq0.0.2
cyaneq0.0.16
cyaneq0.0.8

Name	Operator	Version
cyan	eq	0.0.28
cyan	eq	0.0.13
cyan	eq	0.0.30
cyan	eq	0.0.9
cyan	eq	0.0.11
cyan	eq	0.0.14
cyan	eq	0.0.6
cyan	eq	0.0.2
cyan	eq	0.0.16
cyan	eq	0.0.8

Rows per page:

1-10 of 331

References

github.com/dablelv/go-huge-util/commit/0e308b0fac8973e6fa251b0ab095cdc5c1c0956b

github.com/dablelv/go-huge-util/security/advisories/GHSA-5g39-ppwg-6xx8