2 matches found
CVE-2020-7669
This affects all versions of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview: github.com/u-root/u-root/pkg/tarutil is a package that provides Go versions of standard Linux tools and bootloaders. It also provides tools for compiling Go programs in a single binary and creating initramfs images. Affected versions of this package are vulnerable to Arbitrary File Write...