CVE-2020-7665

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions u-root versions (affected versions not specified)

Description The issue concerns path traversal attacks, specifically both leading and non-leading relative path traversal, in zip file extraction. This affects the u-root package, particularly in the github.com/u-root/u-root/pkg/uzip component.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2020-7665

GHSA-58PF-PCWV-QG85

GO-2022-0793

SNYK-GOLANG-GITHUBCOMUROOTUROOTPKGUZIP-570441

Affected Products

U-Root

CVE-2020-7665

Weakness Enumeration

Related Identifiers

Affected Products

References · 8