Lucene search
+L

13 matches found

osv
osv
added 2026/01/01 10:8 p.m.4 views

MAL-2026-6 Malicious code in ziphash (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e9a36a54bad10e0f086740a84fd0a837dd4bf1cc9c3c0707648af4bb3855a03e During initialization of the archive-support class, the package starts code from another file and downloads multi-stage malware --- Category: MALICIOUS - The...

7.2AI score
Exploits0References4
ossf
ossf
added 2025/12/10 10:53 p.m.6 views

Malicious code in gxzip (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8e0dd8700d5267b8d9bbe270798b11d2250761decf1de89249eab6d90a29080c During initialization of the archive-support class, the package starts code from another file and downloads multi-stage malware --- Category: MALICIOUS - The...

7.3AI score
Exploits0References4
osv
osv
added 2025/12/10 10:53 p.m.11 views

MAL-2025-192467 Malicious code in gxzip (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8e0dd8700d5267b8d9bbe270798b11d2250761decf1de89249eab6d90a29080c During initialization of the archive-support class, the package starts code from another file and downloads multi-stage malware --- Category: MALICIOUS - The...

7.2AI score
Exploits0References4
ossf
ossf
added 2025/11/23 12:20 p.m.7 views

Malicious code in minizip (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 33ba100525dffc7a828e4b7384f862ff22dfb55d2e7d61a34c0d31ecdff64c10 During initialization of the archive-support class, the package starts code from another file and downloads multi-stage malware --- Category: MALICIOUS - The...

7.3AI score
Exploits0References4
ossf
ossf
added 2025/11/22 5:1 p.m.7 views

Malicious code in mzip (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cfa6ef3ee944ed5eef4429c7c9ec9488d9c2c70be6435ee1019851527272a9e4 During initialization of the archive-support class, the package starts code from another file and downloads multi-stage malware --- Category: MALICIOUS - The...

7.3AI score
Exploits0References4
ossf
ossf
added 2025/11/22 4:53 p.m.7 views

Malicious code in uzip (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ee20087db4a86ce68765ba8046732e8f1fc906c58a0303e836429a63788dc97f During initialization of the archive-support class, the package starts code from another file and downloads multi-stage malware --- Category: MALICIOUS - The...

7.3AI score
Exploits0References4
osv
osv
added 2025/11/22 4:53 p.m.4 views

MAL-2025-191919 Malicious code in uzip (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ee20087db4a86ce68765ba8046732e8f1fc906c58a0303e836429a63788dc97f During initialization of the archive-support class, the package starts code from another file and downloads multi-stage malware --- Category: MALICIOUS - The...

7.2AI score
Exploits0References4
osv
osv
added 2020/09/01 2:15 p.m.2 views

CVE-2020-7665

This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction...

7.5CVSS7.1AI score0.01826EPSS
Exploits1References2
prion
prion
added 2020/09/01 2:15 p.m.18 views

Path traversal

This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction...

5CVSS7.5AI score0.01826EPSS
Exploits1References2
cve
cve
added 2020/09/01 1:55 p.m.51 views

CVE-2020-7665

CVE-2020-7665 affects all versions of github.com/u-root/u-root/pkg/uzip. The connected sources describe a path traversal (Zip Slip) flaw in zip extraction that can lead to arbitrary file writes outside the target directory. Practical impact stated: risk of writing files outside the intended locat...

7.5CVSS7.4AI score0.01826EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2020/09/01 1:55 p.m.32 views

CVE-2020-7665 Arbitrary File Write via Archive Extraction (Zip Slip)

This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction...

7.5CVSS7.5AI score0.01826EPSS
Exploits1References2
snyk
snyk
added 2020/09/01 5:40 a.m.3 views

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview github.com/u-root/u-root/pkg/uzip is a package that provides Go versions of standard Linux tools and bootloaders. It also provides tools for compiling Go programs in a single binary and creating initramfs images. Affected versions of this package are vulnerable to Arbitrary File Write vi...

7.5CVSS7.8AI score0.01826EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2020/09/01 12:0 a.m.7 views

PT-2020-19693 · U Root · U-Root

Name of the Vulnerable Software and Affected Versions: u-root versions affected versions not specified Description: The issue concerns path traversal attacks, specifically both leading and non-leading relative path traversal, in zip file extraction. This affects the u-root package, particularly i...

7.5CVSS6.6AI score0.01826EPSS
Exploits1References7
Rows per page
Query Builder