This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-09-01
This affects all versions of package github.com/u-root/u-root/pkg/cpio. It is vulnerable to leading, non-leading relative path traversal attacks and symlink based (relative and absolute) path traversal attacks in cpio file extraction.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-09-01
This affects all versions of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-09-01