CVE-2023-28105

CVSS V2 None CVSS V3 None
Description
go-used-util has commonly used utility functions for Go. Versions prior to 0.0.34 have a ZipSlip issue when using fsutil package to unzip files. When users use `zip.Unzip` to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. The issue has been fixed in version 0.0.34. There are no known workarounds.
Overview
  • CVE ID
  • CVE-2023-28105
  • Assigner
  • security-advisories@github.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-03-16T17:15:09
  • Last Modified Date
  • 2023-03-23T13:59:56
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:go-huge-util_project:go-huge-util:*:*:*:*:*:go:*:* 1 OR 0.0.34
History
Created Old Value New Value Data Type Notes
2023-04-17 06:35:37 Added to TrackCVE
2023-04-17 06:35:40 Weakness Enumeration new