Candidate: CVE-2020-7664
PublicDate: 2020-06-23 19:38:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7664
 https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUNKNWONCAEZIP-570383
Description:
 In all versions of the package github.com/unknwon/cae/zip, the ExtractTo
 function doesn't securely escape file paths in zip archives which include
 leading or non-leading "..". This allows an attacker to add or replace
 files system-wide.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]


Patches_golang-github-unknwon-cae:
upstream_golang-github-unknwon-cae: needs-triage
precise/esm_golang-github-unknwon-cae: DNE
trusty_golang-github-unknwon-cae: ignored (out of standard support)
trusty/esm_golang-github-unknwon-cae: DNE
xenial_golang-github-unknwon-cae: DNE
bionic_golang-github-unknwon-cae: needs-triage
eoan_golang-github-unknwon-cae: ignored (reached end-of-life)
focal_golang-github-unknwon-cae: needs-triage
groovy_golang-github-unknwon-cae: DNE
hirsute_golang-github-unknwon-cae: DNE
impish_golang-github-unknwon-cae: DNE
jammy_golang-github-unknwon-cae: DNE
devel_golang-github-unknwon-cae: DNE