2020-06-17 16:00:21
snyk
PUBLISHED
In all versions of the package github.com/unknwon/cae/tz, the ExtractTo function doesnt securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide.