Security Advisory

CVE-2020-7668

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-06-17 16:00:21

Last updated 2024-09-17 02:05:34

Assigner snyk

State PUBLISHED

Description

In all versions of the package github.com/unknwon/cae/tz, the ExtractTo function doesnt securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide.

← Browse all CVEs View on cve.org ↗