The unTar function constructs destination paths by concatenating the destination directory, a path separator, and the untrusted filename from the archive here:
dst := dstPath + "/" + header.Name
This is vulnerable to path traversal if header.Name contains ../outside for example.
The shortest code to sanitize the path would be:
Thank you.
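One way to implement the containment check this issue asks for, as an added example (not the reporter's snippet and not the project's code). The helper name `safeJoin`, the directory `/tmp/extract` and the entry names are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// safeJoin (hypothetical helper) resolves an untrusted archive entry name
// under dstPath and rejects any name that would resolve outside of it.
func safeJoin(dstPath, name string) (string, error) {
	base := filepath.Clean(dstPath)
	// Join cleans the result, so "a/../../x" collapses before the check.
	dst := filepath.Join(base, name)
	rel, err := filepath.Rel(base, dst)
	if err != nil {
		return "", fmt.Errorf("tar entry %q: %w", name, err)
	}
	// Compare whole path elements: "..data/file" is a legitimate name,
	// so a bare strings.HasPrefix(rel, "..") would be too strict.
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("tar entry %q escapes %q", name, dstPath)
	}
	return dst, nil
}

func main() {
	// Constructed entry names standing in for header.Name values.
	names := []string{
		"docs/readme.txt", // ordinary entry
		"../outside",      // the case from the issue
		"a/../../outside", // traversal hidden behind a directory
		"/etc/passwd",     // absolute name, re-rooted under dstPath by Join
		"..data/file",     // starts with ".." but is not a traversal
	}
	for _, name := range names {
		dst, err := safeJoin("/tmp/extract", name)
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Println("ok:", dst)
	}
}
```

The check is purely lexical: it does not cover symlink entries in the archive that point outside the destination, which need separate handling of `header.Linkname` and of existing links on disk.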