Lucene search
K

128 matches found

OSV
OSV
added 2023/03/30 7:15 p.m.33 views

PYSEC-2023-26

MindsDB is an open source machine learning platform. An unsafe extraction is being performed using shutil.unpackarchive from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip...

8.8CVSS8.8AI score0.00883EPSS
Exploits1References1
Prion
Prion
added 2023/03/30 7:15 p.m.18 views

Design/Logic Flaw

MindsDB is an open source machine learning platform. An unsafe extraction is being performed using shutil.unpackarchive from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip...

6.5CVSS8.6AI score0.00883EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/03/30 6:4 p.m.65 views

CVE-2022-23522

CVE-2022-23522 concerns MindsDB, where unsafe extraction via shutil.unpack_archive() from remotely retrieved tarballs may write files outside the intended directory (TarSlip/ZipSlip variant). The underlying issue: validating destination paths during archive extraction is insufficient, enabling cr...

8.8CVSS8.6AI score0.00883EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2023/03/30 6:4 p.m.23 views

CVE-2022-23522 Arbitrary File Write when Extracting Tarballs retrieved from a remote location using in mindsdb

MindsDB is an open source machine learning platform. An unsafe extraction is being performed using shutil.unpackarchive from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip...

8.5CVSS8.4AI score0.00883EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/03/30 6:4 p.m.37 views

CVE-2022-23522 Arbitrary File Write when Extracting Tarballs retrieved from a remote location using in mindsdb

MindsDB is an open source machine learning platform. An unsafe extraction is being performed using shutil.unpackarchive from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip...

8.5CVSS8.8AI score0.00883EPSS
Exploits1References1
Hacker One
Hacker One
added 2023/03/21 8:33 p.m.49 views

GitHub Security Lab: [ruby]: ZipSlip/TarSlip vulnerability detection

Vulnerability description not provided...

7.1AI score
Exploits0
OSV
OSV
added 2023/03/16 6:32 p.m.14 views

GHSA-5G39-PPWG-6XX8 Go-huge-util vulnerable to path traversal when unzipping files

Impact ZipSlip issue when use fsutil package to unzip files. When users use zip.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. Patches It has been fixed in v0.0.34, Please upgrade version to v0.0.34 or above. Workarounds No, users have to upgrade...

8.8CVSS8.6AI score0.00614EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2023/03/16 6:32 p.m.26 views

Go-huge-util vulnerable to path traversal when unzipping files

Impact ZipSlip issue when use fsutil package to unzip files. When users use zip.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. Patches It has been fixed in v0.0.34, Please upgrade version to v0.0.34 or above. Workarounds No, users have to upgrade...

8.8CVSS8.3AI score0.00614EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2023/03/16 5:15 p.m.30 views

CVE-2023-28105

go-used-util has commonly used utility functions for Go. Versions prior to 0.0.34 have a ZipSlip issue when using fsutil package to unzip files. When users use zip.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. The issue has been fixed in version...

8.8CVSS8.7AI score0.00614EPSS
Exploits0References2
Prion
Prion
added 2023/03/16 5:15 p.m.16 views

Path traversal

go-used-util has commonly used utility functions for Go. Versions prior to 0.0.34 have a ZipSlip issue when using fsutil package to unzip files. When users use zip.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. The issue has been fixed in version...

6.8CVSS8.6AI score0.00614EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/16 4:26 p.m.8 views

CVE-2023-28105 Go-huge-util vulnerable to path traversal when unzipping files

go-used-util has commonly used utility functions for Go. Versions prior to 0.0.34 have a ZipSlip issue when using fsutil package to unzip files. When users use zip.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. The issue has been fixed in version...

8.8CVSS8.7AI score0.00614EPSS
Exploits0References2
OSV
OSV
added 2023/03/16 4:26 p.m.20 views

CVE-2023-28105 Go-huge-util vulnerable to path traversal when unzipping files

go-used-util has commonly used utility functions for Go. Versions prior to 0.0.34 have a ZipSlip issue when using fsutil package to unzip files. When users use zip.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. The issue has been fixed in version...

8.8CVSS8.5AI score0.00614EPSS
Exploits0References4
OSV
OSV
added 2023/03/07 8:37 p.m.18 views

GHSA-FX2V-QFHR-4CHV Goutil vulnerable to path traversal when unzipping files

Impact ZipSlip issue when use fsutil package to unzip files. When users use fsutil.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. Patches It has been fixed in v0.6.0, Please upgrade version to v0.6.0 or above. Workarounds No, users have to upgrade...

8.8CVSS8.6AI score0.00849EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2023/03/07 8:37 p.m.25 views

Goutil vulnerable to path traversal when unzipping files

Impact ZipSlip issue when use fsutil package to unzip files. When users use fsutil.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. Patches It has been fixed in v0.6.0, Please upgrade version to v0.6.0 or above. Workarounds No, users have to upgrade...

8.8CVSS8.3AI score0.00849EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2023/03/07 6:15 p.m.35 views

CVE-2023-27475

Goutil is a collection of miscellaneous functionality for the go language. In versions prior to 0.6.0 when users use fsutil.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. This vulnerability is known as a ZipSlip. This issue has been fixed in version...

8.8CVSS8.6AI score0.00849EPSS
Exploits0References3
Prion
Prion
added 2023/03/07 6:15 p.m.19 views

Path traversal

Goutil is a collection of miscellaneous functionality for the go language. In versions prior to 0.6.0 when users use fsutil.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. This vulnerability is known as a ZipSlip. This issue has been fixed in version...

6.8CVSS8.6AI score0.00849EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2023/03/07 5:40 p.m.52 views

CVE-2023-27475

This CVE concerns github.com/gookit/goutil, specifically the Unzip logic in fsutil.Unzip that can be exploited for path traversal (Zip Slip). The issue affects versions prior to 0.6.0 and is fixed by upgrading to 0.6.0 or later. The vulnerability arises from insufficient validation of relative fi...

8.8CVSS8.6AI score0.00849EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/03/07 5:40 p.m.29 views

CVE-2023-27475 Goutil vulnerable to path traversal when unzipping files

Goutil is a collection of miscellaneous functionality for the go language. In versions prior to 0.6.0 when users use fsutil.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. This vulnerability is known as a ZipSlip. This issue has been fixed in version...

8.8CVSS8.4AI score0.00849EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/03/07 5:40 p.m.6 views

CVE-2023-27475 Goutil vulnerable to path traversal when unzipping files

Goutil is a collection of miscellaneous functionality for the go language. In versions prior to 0.6.0 when users use fsutil.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. This vulnerability is known as a ZipSlip. This issue has been fixed in version...

8.8CVSS8.6AI score0.00849EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/03/07 5:40 p.m.43 views

CVE-2023-27475 Goutil vulnerable to path traversal when unzipping files

Goutil is a collection of miscellaneous functionality for the go language. In versions prior to 0.6.0 when users use fsutil.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. This vulnerability is known as a ZipSlip. This issue has been fixed in version...

8.8CVSS8.8AI score0.00849EPSS
Exploits0References3
Rows per page
Query Builder