Lucene search
K

6 matches found

Veracode
Veracode
added 2023/03/18 10:27 a.m.17 views

Path Traversal

github.com/dablelv/go-huge-util is vulnerable to Path Traversal. The vulnerability exists due to the Create function in file/file.go because the library fails to strip ../ from the uncompressed file name, which allows an attacker to traverse outside the expected directory...

8.8CVSS8.3AI score0.00614EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/03/16 6:32 p.m.14 views

GHSA-5G39-PPWG-6XX8 Go-huge-util vulnerable to path traversal when unzipping files

Impact ZipSlip issue when use fsutil package to unzip files. When users use zip.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. Patches It has been fixed in v0.0.34, Please upgrade version to v0.0.34 or above. Workarounds No, users have to upgrade...

8.8CVSS8.6AI score0.00614EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2023/03/16 6:32 p.m.25 views

Go-huge-util vulnerable to path traversal when unzipping files

Impact ZipSlip issue when use fsutil package to unzip files. When users use zip.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. Patches It has been fixed in v0.0.34, Please upgrade version to v0.0.34 or above. Workarounds No, users have to upgrade...

8.8CVSS8.3AI score0.00614EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/16 4:26 p.m.7 views

CVE-2023-28105 Go-huge-util vulnerable to path traversal when unzipping files

go-used-util has commonly used utility functions for Go. Versions prior to 0.0.34 have a ZipSlip issue when using fsutil package to unzip files. When users use zip.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. The issue has been fixed in version...

8.8CVSS8.7AI score0.00614EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/03/16 4:26 p.m.19 views

CVE-2023-28105 Go-huge-util vulnerable to path traversal when unzipping files

go-used-util has commonly used utility functions for Go. Versions prior to 0.0.34 have a ZipSlip issue when using fsutil package to unzip files. When users use zip.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. The issue has been fixed in version...

8.8CVSS8.9AI score0.00614EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/16 12:0 a.m.4 views

go-huge-util 路径遍历漏洞

go-huge-util is a utility function commonly used in Go. A path traversal vulnerability exists in go-huge-util versions prior to 0.0.34. This vulnerability can be exploited to access files and directories stored outside of the web root folder...

8.8CVSS7.9AI score0.00614EPSS
Exploits0References4
Rows per page
Query Builder