GHSA-rhh4-rh7c-7r5v

Source
https://github.com/advisories/GHSA-rhh4-rh7c-7r5v
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-rhh4-rh7c-7r5v/GHSA-rhh4-rh7c-7r5v.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-rhh4-rh7c-7r5v
Aliases
Related
Published
2024-04-06T18:31:17Z
Modified
2024-07-02T02:42:58Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
Summary
Archiver Path Traversal vulnerability
Details

A flaw was discovered in the mholt/archiver package. An attacker can create a specially crafted tar file that, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the privileges of the user or application using the library.

Database specific
{
    "nvd_published_at": "2024-04-06T17:15:07Z",
    "cwe_ids": [
        "CWE-22"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-08T15:44:41Z"
}
References

Affected packages

Go / github.com/mholt/archiver/v3

Package

Name
github.com/mholt/archiver/v3
Purl
pkg:golang/github.com/mholt/archiver/v3

Affected ranges

Type
SEMVER
Events
Introduced
3.0.0
Last affected
3.5.1

Go / github.com/mholt/archiver

Package

Name
github.com/mholt/archiver
Purl
pkg:golang/github.com/mholt/archiver

Affected ranges

Type
SEMVER
Events
Introduced
3.0.0
Last affected
3.5.1