Lucene search
Veracode Vulnerability DatabaseVERACODE:39827HistoryMar 18, 2023 - 10:27 a.m.
Path Traversal
2023-03-1810:27:59
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
3
path traversal
github.com/dablelv/go-huge-util
create function
file.go
uncompressed file name
directory traversal
software
0.002 Low
EPSS
Percentile
54.4%
github.com/dablelv/go-huge-util is vulnerable to Path Traversal. The vulnerability exists due to the Create function in file/file.go because the library fails to strip ../ from the uncompressed file name, which allows an attacker to traverse outside the expected directory.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/dablelv/go-huge-util | le | v0.0.33 | |
| github.com/dablelv/go-huge-util | le | v0.0.33 |
Related
osv
osv
Go-huge-util vulnerable to path traversal when unzipping files
2023-03-16 18:32:38
CVE-2023-28105
2023-03-16 17:15:09
Path traversal when unzipping files in github.com/dablelv/go-huge-util
2023-08-23 14:38:02
prion
prion
Path traversal
2023-03-16 17:15:00
cve
cve
CVE-2023-28105
2023-03-16 17:15:09
nvd
nvd
CVE-2023-28105
2023-03-16 17:15:09
github
github
Go-huge-util vulnerable to path traversal when unzipping files
2023-03-16 18:32:38
cvelist
cvelist