{"id":"GO-2020-0034","summary":"Path traversal in github.com/artdarek/go-unzip","details":"Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.","aliases":["CVE-2020-36560","GHSA-rmj9-q58g-9qgg"],"modified":"2024-05-20T16:03:47Z","published":"2021-04-14T20:04:52Z","database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2020-0034"},"references":[{"type":"FIX","url":"https://github.com/artdarek/go-unzip/pull/2"},{"type":"FIX","url":"https://github.com/artdarek/go-unzip/commit/4975cbe0a719dc50b12da8585f1f207c82f7dfe0"},{"type":"WEB","url":"https://snyk.io/research/zip-slip-vulnerability"}],"affected":[{"package":{"name":"github.com/artdarek/go-unzip","ecosystem":"Go","purl":"pkg:golang/github.com/artdarek/go-unzip"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.0.0"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/artdarek/go-unzip","symbols":["Unzip.Extract"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2020-0034.json"}}],"schema_version":"1.7.3"}