2 matches found
CVE-2021-38197
unarr.go in go-unarr aka Go bindings for unarr 0.1.1 allows Directory Traversal via ../ in a pathname within a TAR archive...
CVE-2021-38197
CVE-2021-38197 affects go-unarr (Go bindings for unarr) version 0.1.1, where a Directory Traversal flaw allows the use of .. in TAR archive paths to access files outside the intended directory. This vulnerability is corroborated across multiple sources (NVD entry, GHSA, OSV, Veracode, CNVD, and o...