Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY5ajQtY3A2My1xdjYy

Critical EPSS: 0.00872% (0.74551 Percentile) EPSS:
Permalink JSON

Tarslip in go-unarr

Affected Packages Affected Versions Fixed Versions
go:github.com/gen2brain/go-unarr
PURL: pkg:go/github.com%2Fgen2brain%2Fgo-unarr
< 0.1.4 0.1.4
37 Dependent packages
41 Dependent repositories

Affected Version Ranges

All affected versions

v0.1.0, v0.1.1, v0.1.2, v0.1.3

All unaffected versions

v0.1.4, v0.1.5, v0.1.6, v0.1.7, v0.2.0, v0.2.1, v0.2.2, v0.2.3, v0.2.4

unarr.go in go-unarr (aka Go bindings for unarr) 0.1.1 allows Directory Traversal via ../ in a pathname within a TAR archive.

References:

Identifiers

GHSA-v9j4-cp63-qv62

CVE-2021-38197

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.00872

EPSS Percentile: 0.74551

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/gen2brain/go-unarr

Date and time

Published

about 4 years ago

Updated

over 2 years ago

API

JSON