github.com/unknwon/cae is vulnerable to directory traversal. The vulnerability exists as the ExtractTo
function does not sanitize file paths in zip archives, allowing ../
in file path to be resolved outside the intended extraction folder and potentially allowing arbitrary file write.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/unknwon/cae | le | v1.0.1 | |
github.com/unknwon/cae | le | v1.0.1 |