CVE-2020-36561
published 2022-12-27

CVE-2020-36561: Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.

Priority: P346
Severity: critical, 9.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS: 1.32% (67.4th percentile)
Affected

3 ranges

Vendor | Product | Version range | Fixed in
github.com | yi-ge_unzip | >= 0 < 1.0.3-0.20200308084313-2adbaa4891b9 | 1.0.3-0.20200308084313-2adbaa4891b9
github.com | yi-ge_unzip_github.com_yi-ge_unzip | < 1.0.3-0.20200308084313-2adbaa4891b9 | 1.0.3-0.20200308084313-2adbaa4891b9
unzip_project | unzip | < 1.0.3-0.20200308084313-2adbaa4891b9 | 1.0.3-0.20200308084313-2adbaa4891b9