Vulnerability Details CVE-2020-7668
In all versions of the package github.com/unknwon/cae/tz, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2020-7668
-
Compression And Archive Extensions Tz Project » Compression And Archive Extensions Tz Project » Version: Anycpe:2.3:a:compression_and_archive_extensions_tz_project:compression_and_archive_extensions_tz_project:*