4 matches found
CVE-2023-28105
go-used-util has commonly used utility functions for Go. Versions prior to 0.0.34 have a ZipSlip issue when using fsutil package to unzip files. When users use zip.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. The issue has been fixed in version...
CVE-2023-28105
go-used-util has commonly used utility functions for Go. Versions prior to 0.0.34 have a ZipSlip issue when using fsutil package to unzip files. When users use zip.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. The issue has been fixed in version...
CVE-2023-28105
CVE-2023-28105 concerns the go-huge-util Go package. A ZipSlip/path-traversal flaw affects versions prior to 0.0.34 when unzipping archives via the fsutil/zip.Unzip function, allowing a malicious zip to escape the target directory. The issue is fixed in 0.0.34; there are no publicly documented wo...
PT-2023-21563 · Unknown · Go-Used-Util
Name of the Vulnerable Software and Affected Versions: go-used-util versions prior to 0.0.34 Description: The issue is a ZipSlip problem that occurs when using the fsutil package to unzip files. This can lead to path traversal when users use zip.Unzip to unzip zip files from a malicious attacker...