github.com/sassoftware/go-rpmutils is vulnerable to arbitrary file write. The vulnerability exists because the extract function in cpio/extract_test.go does not restrict the file path to dest, allowing extraction outside the permitted cpio path.
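
The missing restriction, sketched as an added example (not code from go-rpmutils): a lexical check that confines each archive entry name to dest before anything is written. The names `safeJoin` and `auditNames` are hypothetical, and the entry names and the `/tmp/extract` directory are constructed for illustration.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// safeJoin (hypothetical helper) resolves an archive entry name under dest
// and rejects any name whose cleaned target would land outside dest.
func safeJoin(dest, name string) (string, error) {
	root := filepath.Clean(dest)
	// Join cleans its result, so "usr/../../x" collapses before the check.
	// An absolute name such as "/abs/path" is re-rooted under dest by Join.
	target := filepath.Join(root, name)
	rel, err := filepath.Rel(root, target)
	if err != nil {
		return "", fmt.Errorf("entry %q: %w", name, err)
	}
	// Compare whole path elements: "..hidden" is a legal file name, "../x" is not.
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("entry %q escapes %q", name, root)
	}
	return target, nil
}

// auditNames returns the entry names that safeJoin rejects for dest.
func auditNames(dest string, names []string) []string {
	var bad []string
	for _, n := range names {
		if _, err := safeJoin(dest, n); err != nil {
			bad = append(bad, n)
		}
	}
	return bad
}

func main() {
	// Constructed entry names, as they might appear in cpio headers.
	names := []string{"./usr/bin/tool", "etc/app.conf", "../outside.txt",
		"usr/../../outside.txt", "/abs/path", "..hidden"}
	for _, n := range auditNames("/tmp/extract", names) {
		fmt.Println("rejected:", n)
	}
}
```

This check is purely lexical: it does not resolve symlinks that already exist under dest.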

CPE

Name | Operator | Version
---|---|---
github.com/sassoftware/go-rpmutils | eq | HEAD