Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1yaGg0LXJoN2MtN3I1ds4AA6r1
Archiver Path Traversal vulnerability
A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the privileges of the user or application using the library.
Permalink: https://github.com/advisories/GHSA-rhh4-rh7c-7r5v
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yaGg0LXJoN2MtN3I1ds4AA6r1
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 8 months ago
Updated: 5 months ago
CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
Identifiers: GHSA-rhh4-rh7c-7r5v, CVE-2024-0406
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-0406
- https://access.redhat.com/security/cve/CVE-2024-0406
- https://bugzilla.redhat.com/show_bug.cgi?id=2257749
- https://github.com/advisories/GHSA-rhh4-rh7c-7r5v
Affected Packages
go:github.com/mholt/archiver
Dependent packages: 1,185
Dependent repositories: 1,724
Downloads:
Affected Version Ranges: >= 3.0.0, <= 3.5.1
No known fixed version
All affected versions: 3.0.0, 3.0.1, 3.1.0, 3.1.1
go:github.com/mholt/archiver/v3
Dependent packages: 1,162
Dependent repositories: 2,881
Downloads:
Affected Version Ranges: >= 3.0.0, <= 3.5.1
No known fixed version
All affected versions: 3.0.0, 3.0.1, 3.1.0, 3.1.1, 3.2.0, 3.3.0, 3.3.1, 3.3.2, 3.4.0, 3.5.0, 3.5.1
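
Because the advisory lists no known fixed version, one mitigation is to inspect a tar's headers before handing the archive to an extractor. The Go code below is an added example, not code from mholt/archiver or from the advisory; `AuditTar`, `escapes`, `sampleTar` and the `unpack` destination are hypothetical names, and checking link targets as well as entry names generalizes beyond what the description above states.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// escapes reports whether name, resolved against dir, is absolute or leaves dest.
func escapes(dest, dir, name string) bool {
	rel, err := filepath.Rel(dest, filepath.Join(dir, name))
	return filepath.IsAbs(name) || err != nil || rel == ".." || strings.HasPrefix(filepath.ToSlash(rel), "../")
}

// AuditTar (hypothetical) lists entries whose name or link target leaves dest; it reads headers only.
func AuditTar(r io.Reader, dest string) ([]string, error) {
	var bad []string
	for tr := tar.NewReader(r); ; {
		hdr, err := tr.Next()
		if err == io.EOF {
			return bad, nil
		} else if err != nil && err != tar.ErrInsecurePath { // that error still yields a header
			return bad, fmt.Errorf("reading tar: %w", err)
		}
		linkDir := filepath.Dir(filepath.Join(dest, hdr.Name))
		if escapes(dest, dest, hdr.Name) ||
			(hdr.Typeflag == tar.TypeSymlink && escapes(dest, linkDir, hdr.Linkname)) || // relative to the link
			(hdr.Typeflag == tar.TypeLink && escapes(dest, dest, hdr.Linkname)) { // relative to the root
			bad = append(bad, hdr.Name)
		}
	}
}

// sampleTar returns a constructed in-memory archive (sample data, not a real file).
func sampleTar() io.Reader {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, h := range []tar.Header{{Name: "docs/readme.txt"}, {Name: "../outside.txt"},
		{Name: "docs/link", Typeflag: tar.TypeSymlink, Linkname: "../../elsewhere"}} {
		tw.WriteHeader(&h)
	}
	tw.Close()
	return &buf
}

func main() { fmt.Println(AuditTar(sampleTar(), "unpack")) }
```

An empty result means no header in the archive points outside the destination; it does not account for links that already exist in the destination directory.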