4 matches found
CVE-2020-7669
This affects all versions of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction...
CVE-2020-7669
This affects all versions of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction...
CVE-2020-7669
CVE-2020-7669 affects the Go package github.com/u-root/u-root/pkg/tarutil, vulnerable to both leading and non-leading relative path traversal attacks during tar extraction (Zip Slip). The issue is present in versions prior to 0.7.0; the restoration of safe extraction is achieved by upgrading to n...
CVE-2020-7669 Arbitrary File Write via Archive Extraction (Zip Slip)
This affects all versions of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction...