CVE-2020-7668

Name of the Vulnerable Software and Affected Versions github.com/unknwon/cae/tz (affected versions not specified)

Description The issue arises from improper path sanitization in the ExtractTo function, which fails to securely escape file paths in zip archives containing leading or non-leading "..". This flaw allows an attacker to add or replace files system-wide. Archives with relative file paths can cause files to be written or overwritten outside the target directory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.