admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

CVE-2020-7664: Adds affected software and versions in the description

Browse Source
This commit is contained in:
ggkitsas 2020-07-07 11:56:20 +01:00
parent 6434c765b7
commit 3e4f52eb41
No known key found for this signature in database
GPG Key ID: 94B316F4BEA97D6F
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2020/7xxx/CVE-2020-7664.json
View File

@ -58,7 +58,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "The ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading \"..\". This allows an attacker to add or replace files system-wide." "value": "In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading \"..\". This allows an attacker to add or replace files system-wide."
} }
] ]
}, },