CVE-2020-36561: Path Traversal in Yi-ge Unzip (github.com/yi-ge/unzip)

CWE-22: Path Traversal | 5 documents | 4 sources
Severity: 9.1 CRITICAL (NVD)
EPSS: 0.6% (top 30.14%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 27
Latest update: Dec 28

Description

Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Exploitability: 3.9 | Impact: 5.2

Affected Packages (3 packages)

NVD: unzip_project/unzip < 1.0.3-0.20200308084313-2adbaa4891b9
Go: github.com/yi-ge_unzip < 1.0.3-0.20200308084313-2adbaa4891b9
CVEListV5: github.com/yi-ge_unzip_github.com_yi-ge_unzip < 1.0.3-0.20200308084313-2adbaa4891b9

Vulnerability Details (4)

GHSA: Unzip vulnerable to path traversal (2022-12-28)
OSV: Unzip vulnerable to path traversal (2022-12-28)
CVEList: Path traversal in github.com/yi-ge/unzip (2022-12-27)
OSV: Path traversal in github.com/yi-ge/unzip (2021-04-14)