CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Compression And Archive Extensions Tz Project: >> Compression And Archive Extensions Tz Project Security Vulnerabilities

CVE-2020-7668

In all versions of the package github.com/unknwon/cae/tz, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide.

CVSS Score

7.5

EPSS Score

0.003

Published

2020-06-23

Page 1

Vulnerabilities

Vulnerable Software

Compression And Archive Extensions Tz Project: >> Compression And Archive Extensions Tz Project Security Vulnerabilities

Products

Pricing

Contact Us