GO-2024-2698

See a problem?
Please try reporting it to the source first.

Source

https://pkg.go.dev/vuln/GO-2024-2698

Import Source

https://vuln.go.dev/ID/GO-2024-2698.json

JSON Data

https://api.osv.dev/v1/vulns/GO-2024-2698

Aliases

CVE-2024-0406
GHSA-rhh4-rh7c-7r5v

Published

2024-06-05T15:10:52Z

Modified

2024-07-01T21:50:42Z

Summary

Archiver Path Traversal vulnerability in github.com/mholt/archiver

Details

A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library.

Database specific

{
    "review_status": "REVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2024-2698"
}

References

Affected packages

Go / github.com/mholt/archiver

Package

Name: github.com/mholt/archiver; View open source insights on deps.dev
Purl: pkg:golang/github.com/mholt/archiver

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Go / github.com/mholt/archiver/v3

Package

Name: github.com/mholt/archiver/v3; View open source insights on deps.dev
Purl: pkg:golang/github.com/mholt/archiver/v3

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected