Security Advisory

CVE-2023-28105

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-03-16 16:26:34

Last updated 2025-02-25 14:55:23

Assigner GitHub_M

State PUBLISHED

Description

go-used-util has commonly used utility functions for Go. Versions prior to 0.0.34 have a ZipSlip issue when using fsutil package to unzip files. When users use `zip.Unzip` to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. The issue has been fixed in version 0.0.34. There are no known workarounds.

← Browse all CVEs View on cve.org ↗