Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:26549
HistorySep 02, 2020 - 4:00 a.m.

Arbitrary File Write

2020-09-0204:00:20
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8

0.001 Low

EPSS

Percentile

40.0%

github.com/u-root/u-root/pkg/cpio is susceptible to arbitrary file write. The vulnerability exists because it uses filepath.Join without properly handling the file path for character / before performing cpio file extraction, therefore going out of the destination directory.

0.001 Low

EPSS

Percentile

40.0%

Related for VERACODE:26549