Goutil vulnerable to path traversal when unzipping files

Impact

ZipSlip issue when use fsutil package to unzip files.
When users use fsutil.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal.

Patches

It has been fixed in v0.6.0, Please upgrade version to v0.6.0 or above.

Workarounds

No, users have to upgrade version.

References

inhere published to gookit/goutil Mar 7, 2023

Published by the National Vulnerability Database Mar 7, 2023

Published to the GitHub Advisory Database Mar 7, 2023

Reviewed Mar 7, 2023

Last updated Apr 27, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Package

Affected versions

Patched versions

Description

Impact

Patches

Workarounds

References

Severity

CVSS overall score

CVSS v3 base metrics

CVSS v3 base metrics

EPSS score

Weaknesses

CVE ID

GHSA ID

Source code

Credits