Mend Vulnerability Database
What is a CVE vulnerability ID? What is a WS vulnerability ID?New vulnerability? Tell us about it!
We found results for “”
Good to know:
Date: March 7, 2023
Goutil is a collection of miscellaneous functionality for the go language. In versions prior to 0.6.0 when users use fsutil.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. This vulnerability is known as a ZipSlip. This issue has been fixed in version 0.6.0, users are advised to upgrade. There are no known workarounds for this issue.
Weakness Type (CWE)
Upgrade to version v0.6.0
|Attack Vector (AV):||NETWORK|
|Attack Complexity (AC):||LOW|
|Privileges Required (PR):||NONE|
|User Interaction (UI):||REQUIRED|