Lucene search
K

26 matches found

Cvelist
Cvelist
added 2020/09/01 1:55 p.m.26 views

CVE-2020-7666 Arbitrary File Write via Archive Extraction (Zip Slip)

This affects all versions of package github.com/u-root/u-root/pkg/cpio. It is vulnerable to leading, non-leading relative path traversal attacks and symlink based relative and absolute path traversal attacks in cpio file extraction...

7.5CVSS7.5AI score0.01527EPSS
Exploits1References2
CVE
CVE
added 2020/09/01 1:55 p.m.49 views

CVE-2020-7665

CVE-2020-7665 affects all versions of github.com/u-root/u-root/pkg/uzip. The connected sources describe a path traversal (Zip Slip) flaw in zip extraction that can lead to arbitrary file writes outside the target directory. Practical impact stated: risk of writing files outside the intended locat...

7.5CVSS7.4AI score0.01826EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2020/09/01 5:40 a.m.2 views

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview github.com/u-root/u-root/pkg/uzip is a package that provides Go versions of standard Linux tools and bootloaders. It also provides tools for compiling Go programs in a single binary and creating initramfs images. Affected versions of this package are vulnerable to Arbitrary File Write vi...

7.5CVSS7.8AI score0.01826EPSS
Exploits1References2
Snyk
Snyk
added 2020/09/01 5:39 a.m.3 views

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview github.com/u-root/u-root/pkg/cpio is a package that provides Go versions of standard Linux tools and bootloaders. It also provides tools for compiling Go programs in a single binary and creating initramfs images. Affected versions of this package are vulnerable to Arbitrary File Write vi...

7.5CVSS7.8AI score0.01527EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2020/09/01 12:0 a.m.6 views

PT-2020-19693 · U Root · U-Root

Name of the Vulnerable Software and Affected Versions: u-root versions affected versions not specified Description: The issue concerns path traversal attacks, specifically both leading and non-leading relative path traversal, in zip file extraction. This affects the u-root package, particularly i...

7.5CVSS6.6AI score0.01826EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2020/09/01 12:0 a.m.5 views

PT-2020-19694 · U Root · U-Root

Name of the Vulnerable Software and Affected Versions: u-root versions prior to 7.0.0 Description: The issue affects the cpio file extraction in the u-root package, making it vulnerable to leading and non-leading relative path traversal attacks, as well as symlink-based path traversal attacks, bo...

7.5CVSS6.9AI score0.01527EPSS
Exploits1References4
Rows per page
Query Builder