This affects all versions up to and including version 0.7.0 of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/u-root/u-root | lt | 0.9.0 |