GO-2022-0929 Tarslip in go-unarr in github.com/gen2brain/go-unarr

Tarslip in go-unarr in github.com/gen2brain/go-unarr...

go-unarr directory traversal vulnerability

go-unarr is an open source go language library for decompressing RAR, TAR, ZIP and 7z archives. go-unarr version 0.1.1 is vulnerable to a directory traversal vulnerability that could be exploited to write arbitrary files on the system via specially crafted TAR archives...

CVE-2021-38197

unarr.go in go-unarr aka Go bindings for unarr 0.1.1 allows Directory Traversal via ../ in a pathname within a TAR archive...

Directory traversal

unarr.go in go-unarr aka Go bindings for unarr 0.1.1 allows Directory Traversal via ../ in a pathname within a TAR archive...

CVE-2021-38197

CVE-2021-38197 affects go-unarr (Go bindings for unarr) version 0.1.1, where a Directory Traversal flaw allows the use of .. in TAR archive paths to access files outside the intended directory. This vulnerability is corroborated across multiple sources (NVD entry, GHSA, OSV, Veracode, CNVD, and o...