Lucene search
Veracode Vulnerability DatabaseVERACODE:25760HistoryJun 25, 2020 - 3:10 a.m.
Arbitrary File Write
2020-06-2503:10:06
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
0.001 Low
EPSS
Percentile
40.1%
github.com/sassoftware/go-rpmutils is vulnerable to arbitrary file write. The vulnerability exists as the extract function in cpio/extract_test.go does not restrict the filepath path to the dest, allowing extraction outside the permitted cpio path.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/sassoftware/go-rpmutils | eq | HEAD | |
| github.com/sassoftware/go-rpmutils | eq | HEAD |
Related
nvd
nvd
CVE-2020-7667
2020-06-24 12:15:12
github
github
osv
osv
github.com/sassoftware/go-rpmutils Arbitrary File Write via Archive Extraction (Zip Slip)
2021-06-23 17:13:29
CVE-2020-7667
2020-06-24 12:15:12
prion
prion
Design/Logic Flaw
2020-06-24 12:15:00
cve
cve
CVE-2020-7667
2020-06-24 12:15:12
cvelist
cvelist
CVE-2020-7667 Arbitrary File Write via Archive Extraction (Zip Slip)
2020-06-24 00:00:00
ibm
ibm