Go Rpm Utils
cpe:2.3:a:sas:go_rpm_utils:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Sas (92141fd0-1bae-5599-a81e-a7636e003c39) |
|---|---|
| Product | Go Rpm Utils (3b300581-2058-5e12-af3a-b434c509edae) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:github/sassoftware/go-rpmutils | purl2cpe | 2026-06-01 10:15:37.285886 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2020-7667 | vulnerable | 2026-06-03 14:43:07.064760 | Arbitrary File Write via Archive Extraction (Zip Slip). HIGH (7.5). In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading "..", which leads to file extraction outside of the current directory. Note: the fixing commit was applied to all affected versions, which were re-released. Published: 2020-06-24T12:00:15.519Z. Updated: 2024-09-17T02:48:08.483Z | Imported from gcve-enriched-dumps CVE data |