Lucene search
Veracode Vulnerability DatabaseVERACODE:26549HistorySep 02, 2020 - 4:00 a.m.
Arbitrary File Write
2020-09-0204:00:20
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
EPSS
0.001
Percentile
40.0%
github.com/u-root/u-root/pkg/cpio is susceptible to arbitrary file write. The vulnerability exists because it uses filepath.Join without properly handling the file path for character / before performing cpio file extraction, therefore going out of the destination directory.
Related
cvelist
cvelist
CVE-2020-7666 Arbitrary File Write via Archive Extraction (Zip Slip)
2020-09-01 00:00:00
cve
cve
CVE-2020-7666
2020-09-01 14:15:14
prion
prion
Path traversal
2020-09-01 14:15:00
osv
osv
github
github
nvd
nvd
CVE-2020-7666
2020-09-01 14:15:14