CVE-2020-36561
CRITICAL WAF: High
CVSS 9.1
Published: 2022-12-27
CWE-22
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
WAF Coverage Analysis
Path Traversal
High WAF Coverage
OWASP: A01:2021 Broken Access Control
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| unzip_project | unzip | up to 1.0.3-0.20200308084313-2adbaa4891b9 |
References
- github.com (Patch, Third Party Advisory)
- github.com (Exploit, Third Party Advisory)
- pkg.go.dev (Third Party Advisory)
- snyk.io (Technical Description, Third Party Advisory)