archive/zip in Go 1.16.x prior to 1.16.1 allows malicious users to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
golang go |
||
fedoraproject fedora 34 |
||
fedoraproject fedora 35 |