GHSA-pp3f-xrw5-q5j4

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-pp3f-xrw5-q5j4/GHSA-pp3f-xrw5-q5j4.json
Aliases
  • CVE-2022-41920
Published
2022-11-21T22:31:31Z
Modified
2022-11-22T21:48:03Z
Details

Impact

What kind of vulnerability is it? Who is impacted?

ZipSlip issue when use fileutil package to unzip files.

Patches

Has the problem been patched? What versions should users upgrade to?

It will fixed in v2.1.10, Please upgrade version to v2.1.10 or above. Users who use v1.x.x should upgrade v1.3.4 or above.

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading?

No, users have to upgrade version.

References

Affected packages

Go / github.com/duke-git/lancet/v2/fileutil

github.com/duke-git/lancet/v2/fileutil

Affected ranges

Type
SEMVER
Events
Introduced
2.0.0
Fixed
2.1.10

Affected versions

Go / github.com/duke-git/lancet/v2/fileutil

github.com/duke-git/lancet/v2/fileutil

Affected ranges

Type
SEMVER
Events
Introduced
1.0.0
Fixed
1.3.4

Affected versions