Fission 路径遍历漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.25.0 contained a path traversal vulnerability. This vulnerability stemmed from the Unarchive function using filepath.Join to concatenate the archive entry name with the target directory,...

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview github.com/mholt/archiver is a cross-platform, multi-format archive utility and Go library. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip in the Unarchive function. An attacker can overwrite sensitive files and potentially escala...

CVE-2025-3445

A Path Traversal "Zip Slip" vulnerability has been identified in mholt/archiver in Go. This vulnerability allows using a crafted ZIP file containing path traversal symlinks to create or overwrite files with the user's privileges or application utilizing the library. When using the...

PT-2019-12020 · Archive · Archiver

Name of the Vulnerable Software and Affected Versions: archiver versions all Description: The issue allows an attacker to perform a Zip Slip attack via the unarchive functions. This is exploited using a specially crafted zip archive that holds path traversal filenames. When exploited, a filename ...