cve/CVE-2020-7667.md at eda58812c5773678e9432b65209fee245db925e7

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-07 11:06:19 +00:00

0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33

2024-06-09 00:33:16 +00:00

Description

In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading ".." which leads in file extraction outside of the current directory. Note: the fixing commit was applied to all affected versions which were re-released.

POC

Reference

https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSASSOFTWAREGORPMUTILSCPIO-570427
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSASSOFTWAREGORPMUTILSCPIO-570427

Github

https://github.com/k1LoW/oshka

1.0 KiB Raw Blame History

CVE-2020-7667

Description

POC

Reference

Github

1.0 KiB

Raw Blame History