
13 matches found

OSV
added 2026/01/01 10:8 p.m. · 1 views

MAL-2026-6 Malicious code in ziphash (PyPI)

Source: kam193 e9a36a54bad10e0f086740a84fd0a837dd4bf1cc9c3c0707648af4bb3855a03e. During initialization of the archive-support class, the package starts code from another file and downloads multi-stage malware. Category: MALICIOUS - The...

7.2 AI score
Exploits 0 · References 4
OSSF Malicious Packages
added 2025/12/10 10:53 p.m. · 4 views

Malicious code in gxzip (PyPI)

Source: kam193 8e0dd8700d5267b8d9bbe270798b11d2250761decf1de89249eab6d90a29080c. During initialization of the archive-support class, the package starts code from another file and downloads multi-stage malware. Category: MALICIOUS - The...

7.3 AI score
Exploits 0 · References 4
OSV
added 2025/12/10 10:53 p.m. · 2 views

MAL-2025-192467 Malicious code in gxzip (PyPI)

Source: kam193 8e0dd8700d5267b8d9bbe270798b11d2250761decf1de89249eab6d90a29080c. During initialization of the archive-support class, the package starts code from another file and downloads multi-stage malware. Category: MALICIOUS - The...

7.2 AI score
Exploits 0 · References 4
OSSF Malicious Packages
added 2025/11/23 12:20 p.m. · 4 views

Malicious code in minizip (PyPI)

Source: kam193 33ba100525dffc7a828e4b7384f862ff22dfb55d2e7d61a34c0d31ecdff64c10. During initialization of the archive-support class, the package starts code from another file and downloads multi-stage malware. Category: MALICIOUS - The...

7.3 AI score
Exploits 0 · References 4
OSSF Malicious Packages
added 2025/11/22 5:1 p.m. · 4 views

Malicious code in mzip (PyPI)

Source: kam193 cfa6ef3ee944ed5eef4429c7c9ec9488d9c2c70be6435ee1019851527272a9e4. During initialization of the archive-support class, the package starts code from another file and downloads multi-stage malware. Category: MALICIOUS - The...

7.3 AI score
Exploits 0 · References 4
OSSF Malicious Packages
added 2025/11/22 4:53 p.m. · 3 views

Malicious code in uzip (PyPI)

Source: kam193 ee20087db4a86ce68765ba8046732e8f1fc906c58a0303e836429a63788dc97f. During initialization of the archive-support class, the package starts code from another file and downloads multi-stage malware. Category: MALICIOUS - The...

7.3 AI score
Exploits 0 · References 4
OSV
added 2025/11/22 4:53 p.m. · 1 views

MAL-2025-191919 Malicious code in uzip (PyPI)

Source: kam193 ee20087db4a86ce68765ba8046732e8f1fc906c58a0303e836429a63788dc97f. During initialization of the archive-support class, the package starts code from another file and downloads multi-stage malware. Category: MALICIOUS - The...

7.2 AI score
Exploits 0 · References 4
OSV
added 2020/09/01 2:15 p.m. · 1 views

CVE-2020-7665

This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction...

7.5 CVSS · 7.1 AI score
Exploits 0 · References 2
Prion
added 2020/09/01 2:15 p.m. · 15 views

Path traversal

This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction...

5 CVSS · 7.5 AI score · 0.00149 EPSS
Exploits 1 · References 2
CVE
added 2020/09/01 1:55 p.m. · 43 views

CVE-2020-7665

CVE-2020-7665 affects all versions of github.com/u-root/u-root/pkg/uzip. The connected sources describe a path traversal (Zip Slip) flaw in zip extraction that can lead to arbitrary file writes outside the target directory. Practical impact stated: risk of writing files outside the intended locat...

7.5 CVSS · 7.4 AI score · 0.00149 EPSS
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2020/09/01 1:55 p.m. · 21 views

CVE-2020-7665 Arbitrary File Write via Archive Extraction (Zip Slip)

This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction...

7.5 CVSS · 7.5 AI score · 0.00149 EPSS
Exploits 1 · References 2
Snyk
added 2020/09/01 5:40 a.m. · 2 views

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview github.com/u-root/u-root/pkg/uzip is a package that provides Go versions of standard Linux tools and bootloaders. It also provides tools for compiling Go programs in a single binary and creating initramfs images. Affected versions of this package are vulnerable to Arbitrary File Write vi...

7.5 CVSS · 7.8 AI score · 0.00149 EPSS
Exploits 1 · References 2
Positive Technologies
added 2020/09/01 12:0 a.m. · 2 views

PT-2020-19693 · U Root · U-Root

Name of the Vulnerable Software and Affected Versions: u-root versions affected versions not specified. Description: The issue concerns path traversal attacks, specifically both leading and non-leading relative path traversal, in zip file extraction. This affects the u-root package, particularly i...

7.5 CVSS · 6.6 AI score · 0.00149 EPSS
Exploits 1 · References 7