In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows a malicious user to add or replace files system-wide.
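
A path check of the kind the description says ExtractTo lacks, as an added example that is not code from the cae project or from this advisory. `safeJoin`, `auditArchive` and `buildSample` are hypothetical names, and the sample archive is constructed in memory with the standard library's `archive/zip`.

```go
package main

import (
	"archive/zip"
	"bytes"
	"fmt"
	"path/filepath"
	"strings"
)

// safeJoin (hypothetical helper): entry name -> path under destDir, or an error if it escapes.
func safeJoin(destDir, name string) (string, error) {
	name = filepath.FromSlash(strings.ReplaceAll(name, "\\", "/")) // treat both separators alike
	target := filepath.Join(destDir, name)                         // Join cleans leading and inner ".."
	rel, err := filepath.Rel(destDir, target)
	escapes := err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator))
	if escapes || filepath.IsAbs(name) {
		return "", fmt.Errorf("unsafe zip entry name %q", name)
	}
	return target, nil
}

// auditArchive (hypothetical) lists the entries of an in-memory zip that safeJoin rejects.
func auditArchive(data []byte, destDir string) (rejected []string, err error) {
	r, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil {
		return nil, err
	}
	for _, f := range r.File {
		if _, err := safeJoin(destDir, f.Name); err != nil {
			rejected = append(rejected, f.Name)
		}
	}
	return rejected, nil
}

// buildSample writes a small archive in memory (constructed sample data, names only).
func buildSample(names ...string) []byte {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	for _, n := range names {
		w.Create(n) // empty entry; only the name matters for this check
	}
	w.Close()
	return buf.Bytes()
}

func main() {
	fmt.Println(auditArchive(buildSample("ok/readme.txt", "../out.txt", "a/../../out.txt"), "/tmp/extract"))
}
```

An extractor would call `safeJoin` on every entry name before creating any file or directory and abort on the first error.
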
Vulnerable Product |
---|
compression and archive extensions project compression and archive extensions zip project |