Identifier

CVE-2020-7666

Package Slug

go/github.com/u-root/u-root/pkg/uzip

Vulnerability

Path Traversal

Description

This affects all versions of package github.com/u-root/u-root/pkg/cpio. It is vulnerable to leading, non-leading relative path traversal attacks and symlink based (relative and absolute) path traversal attacks in cpio file extraction.

Affected Versions

All versions

Solution

Unfortunately, there is no solution available yet.

Last Modified

2020-09-06

source