6 matches found
GHSA-75QF-WGFJ-V652 github.com/u-root/u-root/pkg/tarutil Arbitrary File Write via Archive Extraction (Zip Slip)
This affects all versions up to and including version 0.7.0 of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction...
Arbitrary File Write
github.com/u-root/u-root/pkg/tarutil is vulnerable to arbitrary file write. The vulnerability exists due to the incorrect usage of filepath.Join("/", path) when performing cpio file extraction...
CVE-2020-7669
This affects all versions of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction...
CVE-2020-7669
CVE-2020-7669 affects the Go package github.com/u-root/u-root/pkg/tarutil, vulnerable to both leading and non-leading relative path traversal attacks during tar extraction (Zip Slip). The issue is present in versions prior to 0.7.0; the restoration of safe extraction is achieved by upgrading to n...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview: github.com/u-root/u-root/pkg/tarutil is a package that provides Go versions of standard Linux tools and bootloaders. It also provides tools for compiling Go programs in a single binary and creating initramfs images. Affected versions of this package are vulnerable to Arbitrary File Write...
PT-2020-19697 · U Root · U-Root
Name of the Vulnerable Software and Affected Versions: github.com/u-root/u-root/pkg/tarutil versions prior to 0.7.0. Description: The issue affects the tar file extraction in the github.com/u-root/u-root/pkg/tarutil package, making it vulnerable to both leading and non-leading relative path...