Vulnerability Details CVE-2022-41920
Lancet is a general utility library for the go programming language. Affected versions are subject to a ZipSlip issue when using the fileutil package to unzip files. This issue has been addressed and a fix will be included in versions 2.1.10 and 1.3.4. Users are advised to upgrade. There are no known workarounds for this issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.4%
CVSS Severity
CVSS v3 Score 6.3
References
- https://github.com/duke-git/lancet/commit/f133b32faa05eb93e66175d01827afa4b7094572
- https://github.com/duke-git/lancet/commit/f869a0a67098e92d24ddd913e188b32404fa72c9
- https://github.com/duke-git/lancet/issues/62
- https://github.com/duke-git/lancet/security/advisories/GHSA-pp3f-xrw5-q5j4
- https://github.com/duke-git/lancet/commit/f133b32faa05eb93e66175d01827afa4b7094572
- https://github.com/duke-git/lancet/commit/f869a0a67098e92d24ddd913e188b32404fa72c9
- https://github.com/duke-git/lancet/issues/62
- https://github.com/duke-git/lancet/security/advisories/GHSA-pp3f-xrw5-q5j4
Products affected by CVE-2022-41920
-
cpe:2.3:a:lancet_project:lancet:1.0.0
-
cpe:2.3:a:lancet_project:lancet:1.0.1
-
cpe:2.3:a:lancet_project:lancet:1.0.10
-
cpe:2.3:a:lancet_project:lancet:1.0.2
-
cpe:2.3:a:lancet_project:lancet:1.0.3
-
cpe:2.3:a:lancet_project:lancet:1.0.4
-
cpe:2.3:a:lancet_project:lancet:1.0.5
-
cpe:2.3:a:lancet_project:lancet:1.0.6
-
cpe:2.3:a:lancet_project:lancet:1.0.7
-
cpe:2.3:a:lancet_project:lancet:1.0.8
-
cpe:2.3:a:lancet_project:lancet:1.0.9
-
cpe:2.3:a:lancet_project:lancet:1.1.0
-
cpe:2.3:a:lancet_project:lancet:1.1.1
-
cpe:2.3:a:lancet_project:lancet:1.1.10
-
cpe:2.3:a:lancet_project:lancet:1.1.2
-
cpe:2.3:a:lancet_project:lancet:1.1.3
-
cpe:2.3:a:lancet_project:lancet:1.1.4
-
cpe:2.3:a:lancet_project:lancet:1.1.5
-
cpe:2.3:a:lancet_project:lancet:1.1.6
-
cpe:2.3:a:lancet_project:lancet:1.1.7
-
cpe:2.3:a:lancet_project:lancet:1.1.8
-
cpe:2.3:a:lancet_project:lancet:1.1.9
-
cpe:2.3:a:lancet_project:lancet:1.2.0
-
cpe:2.3:a:lancet_project:lancet:1.2.1
-
cpe:2.3:a:lancet_project:lancet:1.2.2
-
cpe:2.3:a:lancet_project:lancet:1.2.3
-
cpe:2.3:a:lancet_project:lancet:1.2.4
-
cpe:2.3:a:lancet_project:lancet:1.2.5
-
cpe:2.3:a:lancet_project:lancet:1.2.6
-
cpe:2.3:a:lancet_project:lancet:1.2.7
-
cpe:2.3:a:lancet_project:lancet:1.2.8
-
cpe:2.3:a:lancet_project:lancet:1.2.9
-
cpe:2.3:a:lancet_project:lancet:1.3.0
-
cpe:2.3:a:lancet_project:lancet:1.3.1
-
cpe:2.3:a:lancet_project:lancet:1.3.2
-
cpe:2.3:a:lancet_project:lancet:1.3.3
-
cpe:2.3:a:lancet_project:lancet:2.0.0
-
cpe:2.3:a:lancet_project:lancet:2.0.1
-
cpe:2.3:a:lancet_project:lancet:2.0.2
-
cpe:2.3:a:lancet_project:lancet:2.0.3
-
cpe:2.3:a:lancet_project:lancet:2.0.4
-
cpe:2.3:a:lancet_project:lancet:2.0.5
-
cpe:2.3:a:lancet_project:lancet:2.0.6
-
cpe:2.3:a:lancet_project:lancet:2.0.7
-
cpe:2.3:a:lancet_project:lancet:2.0.8
-
cpe:2.3:a:lancet_project:lancet:2.0.9
-
cpe:2.3:a:lancet_project:lancet:2.1.0
-
cpe:2.3:a:lancet_project:lancet:2.1.1
-
cpe:2.3:a:lancet_project:lancet:2.1.2
-
cpe:2.3:a:lancet_project:lancet:2.1.3
-
cpe:2.3:a:lancet_project:lancet:2.1.4
-
cpe:2.3:a:lancet_project:lancet:2.1.5
-
cpe:2.3:a:lancet_project:lancet:2.1.6
-
cpe:2.3:a:lancet_project:lancet:2.1.7
-
cpe:2.3:a:lancet_project:lancet:2.1.8
-
cpe:2.3:a:lancet_project:lancet:2.1.9