GCVE - cpe:2.3:a:n/a:github.com/sassoftware/go-rpmutils/cpio:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:github.com/sassoftware/go-rpmutils/cpio:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Github.Com/Sassoftware/Go Rpmutils/Cpio (`05ce94a7-4af4-5c70-b3d6-28966937a67c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2020-7667`	vulnerable	2026-06-08 05:27:13.923877	Arbitrary File Write via Archive Extraction (Zip Slip) HIGH (7.5) In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading ".." which leads in file extraction outside of the current directory. Note: the fixing commit was applied to all affected versions which were re-released. Published: 2020-06-24T12:00:15.519Z Updated: 2024-09-17T02:48:08.483Z Open on db.gcve.eu Reference links https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSASSOFTWAREGORPMUTILSCPIO-570427 https://github.com/sassoftware/go-rpmutils/commit/a64058cf21b8aada501bba923c9aab66fb6febf0	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.