13 matches found
EUVD-2022-7401
Malicious code in bioql PyPI...
CVE-2022-41920
Lancet is a general utility library for the go programming language. Affected versions are subject to a ZipSlip issue when using the fileutil package to unzip files. This issue has been addressed and a fix will be included in versions 2.1.10 and 1.3.4. Users are advised to upgrade. There are no...
GO-2022-1114 ZipSlip when unzipping files in github.com/duke-git/lancet
A ZipSlip vulnerability exists when using the fileutil package to unzip files...
Lancet vulnerable to path traversal when unzipping files
Impact: ZipSlip issue when using the fileutil package to unzip files. Patches: It will be fixed in v2.1.10. Please upgrade to v2.1.10 or above. Users who use v1.x.x should upgrade...
GHSA-PP3F-XRW5-Q5J4 Lancet vulnerable to path traversal when unzipping files
Impact: ZipSlip issue when using the fileutil package to unzip files. Patches: It will be fixed in v2.1.10. Please upgrade to v2.1.10 or above. Users who use v1.x.x should upgrade...
CVE-2022-41920
Lancet is a general utility library for the go programming language. Affected versions are subject to a ZipSlip issue when using the fileutil package to unzip files. This issue has been addressed and a fix will be included in versions 2.1.10 and 1.3.4. Users are advised to upgrade. There are no...
Design/Logic Flaw
Lancet is a general utility library for the go programming language. Affected versions are subject to a ZipSlip issue when using the fileutil package to unzip files. This issue has been addressed and a fix will be included in versions 2.1.10 and 1.3.4. Users are advised to upgrade. There are no...
CVE-2022-41920 Zip slip in Lancet
Lancet is a general utility library for the go programming language. Affected versions are subject to a ZipSlip issue when using the fileutil package to unzip files. This issue has been addressed and a fix will be included in versions 2.1.10 and 1.3.4. Users are advised to upgrade. There are no...
CVE-2022-41920
Lancet’s Go library (github.com/duke-git/lancet) contains a ZipSlip vulnerability in the fileutil UnZip path when unzipping archives. Affected versions are vulnerable; the issue is addressed with fixes in Lancet v2.1.10 and v1.3.4. Upgrading to these versions or newer is advised. No explicit work...
CVE-2022-41920 Zip slip in Lancet
Lancet is a general utility library for the go programming language. Affected versions are subject to a ZipSlip issue when using the fileutil package to unzip files. This issue has been addressed and a fix will be included in versions 2.1.10 and 1.3.4. Users are advised to upgrade. There are no...
Lancet path traversal vulnerability
Lancet is a comprehensive, efficient and reusable go utility library by DuDaoDong's personal developer. A path traversal vulnerability exists in Lancet v1.9.02.001 versions 2.1.10 and 1.3.4, which stems from a ZipSlip issue when extracting files using the fileutil package...
lancet (>=0.7.3 <=0.7.6) potentially affected by CVE-2015-3220 via tlslite (=0.4.8)
tlslite PyPI version =0.4.8 is affected by a known vulnerability. The following packages have a transitive dependency on tlslite and may be impacted: - lancet >=0.7.3, <=0.7.6 Source CVEs: CVE-2015-3220 Source advisory: OSV:GHSA-4749-P7RX-8JJJ...
lancet (>=0.7.3 <=0.7.6) potentially affected by CVE-2015-3220 via tlslite (=0.4.8)
tlslite PyPI version =0.4.8 is affected by a known vulnerability. The following packages have a transitive dependency on tlslite and may be impacted: - lancet >=0.7.3, <=0.7.6 Source CVEs: CVE-2015-3220 Source advisory: OSV:PYSEC-2017-96...