Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:38084
HistoryNov 18, 2022 - 2:10 a.m.

Path Traversal

2022-11-1802:10:29
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
vulnerability
fileutil subpackage
path traversal
zipslip
unzip function
malicious zip file
software

EPSS

0.002

Percentile

59.0%

JSON

The fileutil subpackage in github.com/duke-git/lancet is vulnerable to path traversal. The vulnerability exists in the UnZip function in file.go due to a ZipSlip vulnerability which allows an attacker to create files outside the designated target directory using malicious zip file names.

Related

prion 1
osv 3
nvd 1
cvelist 1
github 1
cve 1
prion
prion
Design/Logic Flaw
2022-11-17 18:15:00
osv
osv
Lancet vulnerable to path traversal when unzipping files
2022-11-21 22:31:31
ZipSlip when unzipping files in github.com/duke-git/lancet
2022-12-07 18:39:23
CVE-2022-41920
2022-11-17 18:15:10
nvd
nvd
CVE-2022-41920
2022-11-17 18:15:10
cvelist
cvelist
CVE-2022-41920 Zip slip in Lancet
2022-11-17 00:00:00
github
github
Lancet vulnerable to path traversal when unzipping files
2022-11-21 22:31:31
cve
cve
CVE-2022-41920
2022-11-17 18:15:10

EPSS

0.002

Percentile

59.0%

JSON
Related for VERACODE:38084
prion1osv3nvd1cvelist1github1cve1