GHSA-5g39-ppwg-6xx8

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-5g39-ppwg-6xx8/GHSA-5g39-ppwg-6xx8.json

Aliases

• CVE-2023-28105

Published

2023-03-16T18:32:38Z

Modified

2023-03-16T18:32:38Z

Details

Impact ZipSlip issue when use fsutil package to unzip files. When users use zip.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal.

Patches It has been fixed in v0.0.34, Please upgrade version to v0.0.34 or above.

Workarounds No, users have to upgrade version.

References

References

• https://github.com/dablelv/go-huge-util/security/advisories/GHSA-5g39-ppwg-6xx8
• https://nvd.nist.gov/vuln/detail/CVE-2023-28105
• https://github.com/dablelv/go-huge-util/commit/0e308b0fac8973e6fa251b0ab095cdc5c1c0956b
• https://github.com/dablelv/go-huge-util