Lucene search
GoogleOSV:GO-2022-1114HistoryDec 07, 2022 - 6:39 p.m.
ZipSlip when unzipping files in github.com/duke-git/lancet
2022-12-0718:39:23
Google
osv.dev
15
zipslip
vulnerability
fileutil package
github.com/duke-git/lancet
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
8.7
Confidence
High
EPSS
0.002
Percentile
59.0%
A ZipSlip vulnerability exists when using the fileutil package to unzip files.
Related
prion
prion
Design/Logic Flaw
2022-11-17 18:15:00
osv
osv
Lancet vulnerable to path traversal when unzipping files
2022-11-21 22:31:31
CVE-2022-41920
2022-11-17 18:15:10
nvd
nvd
CVE-2022-41920
2022-11-17 18:15:10
veracode
veracode
Path Traversal
2022-11-18 02:10:29
cvelist
cvelist
CVE-2022-41920 Zip slip in Lancet
2022-11-17 00:00:00
cve
cve
CVE-2022-41920
2022-11-17 18:15:10
github
github
Lancet vulnerable to path traversal when unzipping files
2022-11-21 22:31:31
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
8.7
Confidence
High
EPSS
0.002
Percentile
59.0%
Related for OSV:GO-2022-1114