GHSA-5g39-ppwg-6xx8

Source
https://github.com/advisories/GHSA-5g39-ppwg-6xx8
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-5g39-ppwg-6xx8/GHSA-5g39-ppwg-6xx8.json
Aliases
Published
2023-03-16T18:32:38Z
Modified
2023-11-08T04:12:08.557968Z
Details

Impact ZipSlip issue when use fsutil package to unzip files. When users use zip.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal.

Patches It has been fixed in v0.0.34, Please upgrade version to v0.0.34 or above.

Workarounds No, users have to upgrade version.

Specific Go Packages Affected github.com/dablelv/go-huge-util/zip

References

References

Affected packages

Go / github.com/dablelv/go-huge-util

Affected ranges

Type
SEMVER
Events
Introduced
0The exact introduced commit is unknown
Fixed
0.0.34