2 matches found
GHSA-F7CQ-GVH6-QR25 Monitoring is vulnerable to Archive Slip due to missing checks in sanitization
The sanitizeArchivePath function in pkg/extract/extract.go lines 248–254 is vulnerable to a path traversal bypass due to a missing trailing path separator in the strings.HasPrefix check. A crafted tar archive can write files outside the intended destination directory when using the extractor CLI...
PT-2026-25863
Name of the Vulnerable Software and Affected Versions Romeo versions prior to 0.2.2 Description Romeo, a Go code coverage tool, contains a path traversal flaw in the sanitizeArchivePath function located in webserver/api/v1/decoder.go lines 80-88. This is due to a missing trailing path separator i...