PT-2020-19697 · U Root · U-Root

Georgios Gkitsas · Published 2020-09-01 · Updated 2024-08-21

CVE-2020-7669
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: github.com/u-root/u-root/pkg/tarutil, versions prior to 0.7.0

Description: The tar extraction code in github.com/u-root/u-root/pkg/tarutil does not check that an entry's name stays inside the destination directory, so it is vulnerable to both leading ("../x") and non-leading ("dir/../../x") relative path traversal. An attacker who can supply the archive can therefore write arbitrary files outside the extraction directory, the pattern known as Zip Slip. Only integrity is affected (C:N/I:H/A:N): the flaw writes files, it does not read them.

Recommendations: Update to version 0.7.0 or later. If upgrading is not immediately possible, do not extract untrusted archives with this package's tar functions, or validate each entry's resolved path (and any symlink target) against the destination directory before writing it.
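The following Go program is an added example and is not code from this advisory or from u-root's tarutil package. It shows the containment check that the affected versions lack: each entry name is joined onto the destination, cleaned, and then required to still lie under the destination. Cleaning before the comparison is what makes one rule cover both leading ("../x") and non-leading ("dir/../../x") traversal; the same rule is then applied to symlink targets, and absolute names are refused outright. The names SafeJoin, within, Extract and MaliciousTar, and the in-memory archive they operate on, are this example's own constructions; it assumes a POSIX filesystem.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// within reports whether the cleaned path p is dest or lies below it. Cleaning
// first is what catches non-leading "..": "a/../../x" collapses above dest.
func within(dest, p string) bool {
	dest, p = filepath.Clean(dest), filepath.Clean(p)
	return p == dest || strings.HasPrefix(p, dest+string(os.PathSeparator))
}

// SafeJoin maps an entry name onto dest, rejecting absolute names and any
// relative name (leading or non-leading "..") that escapes dest.
func SafeJoin(dest, name string) (string, error) {
	if filepath.IsAbs(name) {
		return "", fmt.Errorf("tar entry %q has an absolute name", name)
	}
	target := filepath.Join(dest, name) // Join cleans, collapsing ".." segments
	if !within(dest, target) {
		return "", fmt.Errorf("tar entry %q escapes destination directory", name)
	}
	return target, nil
}

// Extract writes a tar stream under dest, skipping entries that fail the
// containment check and returning their names. Only regular files and
// symlinks are written; parent directories are created as needed.
func Extract(r io.Reader, dest string) (rejected []string, err error) {
	tr := tar.NewReader(r)
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return rejected, nil
		} else if err != nil {
			return rejected, err
		}
		target, err := SafeJoin(dest, hdr.Name)
		if err != nil {
			rejected = append(rejected, hdr.Name)
			continue
		}
		if err = os.MkdirAll(filepath.Dir(target), 0o755); err != nil {
			return rejected, err
		}
		switch hdr.Typeflag {
		case tar.TypeSymlink:
			// A link target resolves relative to the entry's own directory and needs
			// the same check, or a later entry written through the link escapes.
			link := filepath.Join(filepath.Dir(target), hdr.Linkname)
			if filepath.IsAbs(hdr.Linkname) || !within(dest, link) {
				rejected = append(rejected, hdr.Name)
				continue
			}
			err = os.Symlink(hdr.Linkname, target)
		case tar.TypeReg:
			f, oerr := os.OpenFile(target, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, os.FileMode(hdr.Mode)&0o777)
			if oerr != nil {
				return rejected, oerr
			}
			_, err = io.Copy(f, tr)
			f.Close()
		}
		if err != nil {
			return rejected, err
		}
	}
}

// MaliciousTar builds a constructed in-memory archive: one benign file, the
// leading and non-leading traversal shapes this advisory describes, plus an
// absolute name and a symlink escape for completeness.
func MaliciousTar() []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	entries := []struct{ name, link, body string; typ byte }{
		{"ok/hello.txt", "", "hello\n", tar.TypeReg},
		{"../leading.txt", "", "x", tar.TypeReg},
		{"ok/../../nonleading.txt", "", "x", tar.TypeReg},
		{"/tmp/absolute.txt", "", "x", tar.TypeReg},
		{"ok/escape", "../../..", "", tar.TypeSymlink},
	}
	for _, e := range entries {
		hdr := &tar.Header{Name: e.name, Linkname: e.link, Typeflag: e.typ, Mode: 0o644, Size: int64(len(e.body))}
		if err := tw.WriteHeader(hdr); err != nil {
			panic(err)
		}
		tw.Write([]byte(e.body)) // zero-length body for the symlink entry
	}
	tw.Close()
	return buf.Bytes()
}

func main() {
	dest, _ := os.MkdirTemp("", "tarutil-demo")
	defer os.RemoveAll(dest)
	rejected, err := Extract(bytes.NewReader(MaliciousTar()), dest)
	fmt.Println("rejected:", rejected, "err:", err)
}
```

Running it extracts only ok/hello.txt and reports the other four entries as rejected. Note what the check does not cover: hard-link entries (tar.TypeLink) need the same treatment of their target, and if dest already contains symlinks from an earlier extraction the lexical check above can be bypassed, so a production extractor should also resolve the parent directory with filepath.EvalSymlinks before writing.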

Weakness Enumeration

Path traversal

Related Identifiers

CVE-2020-7669
GHSA-75QF-WGFJ-V652
GO-2022-0805
SNYK-GOLANG-GITHUBCOMUROOTUROOTPKGTARUTIL-570428

Affected Products

U-Root