PT-2023-21152 · Goutil

Published: 2023-03-07 · Updated: 2023-04-27 · CVE-2023-27475

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Goutil versions prior to 0.6.0
Description: The issue is a ZipSlip vulnerability. When fsutil.Unzip is used to extract a zip archive supplied by an attacker, entry paths are not properly validated, so an entry can be written outside the intended destination directory (path traversal). This vulnerability has been fixed in version 0.6.0.
Recommendations: For versions prior to 0.6.0, upgrade to version 0.6.0 or above to resolve the issue. As a temporary workaround, avoid using fsutil.Unzip on archives from untrusted sources until the upgrade is applied.
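The missing check behind a ZipSlip bug is a per-entry path validation before anything touches the filesystem. The following is an added, self-contained illustration written for this advisory; it is not Goutil's code and does not reproduce the fsutil.Unzip implementation. `safeJoin`, `SafeUnzip`, `buildZip` and the sample entry names are all constructed here. Every entry name is resolved against the destination and compared after cleaning, and validation runs over the whole archive before extraction starts, so a hostile archive leaves the destination untouched instead of half-extracted.

```go
package main

import (
	"archive/zip"
	"bytes"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// ErrZipSlip is returned when an archive entry would resolve outside the destination.
var ErrZipSlip = fmt.Errorf("zip entry escapes destination directory")

// safeJoin resolves an archive entry name against dst and rejects anything that
// would land outside dst. This is the check whose absence constitutes ZipSlip.
func safeJoin(dst, name string) (string, error) {
	name = strings.ReplaceAll(name, `\`, "/") // hostile archives may carry backslashes
	absDst, err := filepath.Abs(dst)
	if err != nil {
		return "", err
	}
	// Join cleans the result, so ".." components are resolved before the comparison.
	target := filepath.Join(absDst, filepath.FromSlash(name))
	if target != absDst && !strings.HasPrefix(target, absDst+string(os.PathSeparator)) {
		return "", ErrZipSlip
	}
	return target, nil
}

// SafeUnzip extracts the archive behind r into dst and returns the paths written.
// Pass 1 validates every entry name; pass 2 extracts. Symlink entries are written
// as plain files and decompression size limits are omitted to keep the example short.
func SafeUnzip(r io.ReaderAt, size int64, dst string) ([]string, error) {
	zr, err := zip.NewReader(r, size)
	if err != nil {
		return nil, err
	}
	targets := make([]string, len(zr.File))
	for i, f := range zr.File {
		t, err := safeJoin(dst, f.Name)
		if err != nil {
			return nil, fmt.Errorf("entry %q: %w", f.Name, err)
		}
		targets[i] = t
	}
	var written []string
	for i, f := range zr.File {
		target := targets[i]
		if f.FileInfo().IsDir() {
			if err := os.MkdirAll(target, 0o755); err != nil {
				return written, err
			}
			continue
		}
		if err := os.MkdirAll(filepath.Dir(target), 0o755); err != nil {
			return written, err
		}
		if err := copyEntry(f, target); err != nil {
			return written, err
		}
		written = append(written, target)
	}
	return written, nil
}

// copyEntry streams one archive member to target, creating or truncating the file.
func copyEntry(f *zip.File, target string) error {
	rc, err := f.Open()
	if err != nil {
		return err
	}
	defer rc.Close()
	out, err := os.OpenFile(target, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o644)
	if err != nil {
		return err
	}
	defer out.Close()
	_, err = io.Copy(out, rc)
	return err
}

type entry struct{ name, body string }

// buildZip constructs an archive in memory; it exists only to produce sample input.
func buildZip(entries []entry) []byte {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	for _, e := range entries {
		w, err := zw.Create(e.name)
		if err != nil {
			panic(err)
		}
		if _, err := w.Write([]byte(e.body)); err != nil {
			panic(err)
		}
	}
	if err := zw.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

func main() {
	dst, _ := os.MkdirTemp("", "unzip-demo")
	defer os.RemoveAll(dst)
	// Constructed hostile archive: one benign entry plus one traversal entry.
	hostile := buildZip([]entry{{"ok.txt", "fine"}, {"../evil.txt", "escaped"}})
	_, err := SafeUnzip(bytes.NewReader(hostile), int64(len(hostile)), dst)
	fmt.Println("hostile archive:", err)
}
```

The comparison is done on the cleaned absolute path with a trailing separator appended, which avoids the classic mistake of accepting `/srv/out-evil` as being under `/srv/out`. A defensive test suite for any unzip helper should include both the benign and the traversal archive shown in `main`.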

Weakness Enumeration: Path traversal

Related Identifiers: CVE-2023-27475, GHSA-FX2V-QFHR-4CHV, GO-2023-1611

Affected Products: Goutil