Skip to content

Commit

Permalink
mholt/archiver is currently vulnerable again to Zip Slip attack
Browse files Browse the repository at this point in the history 
Proofs:
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARC-174728
mholt/archiver#169
  • Loading branch information
@giuliocomi
giuliocomi committed Mar 9, 2020
1 parent d80032b commit 64aa75b
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ Many of the following affected libraries exist because their ecosystems lack hig
| Java library | [zip4j](http://www.lingala.net/zip4j/) | Java | YES | [1.3.3](https://mvnrepository.com/artifact/net.lingala.zip4j/zip4j) | [CVE-2018-1002202](https://snyk.io/vuln/SNYK-JAVA-NETLINGALAZIP4J-31679) | [13/6/2018](https://github.com/srikanth-lingala/zip4j/blob/master/src/main/java/net/lingala/zip4j/zip/UnzipEngine.java#L148) |
| .NET library | [DotNetZip.Semverd](https://github.com/haf/DotNetZip.Semverd) | .NET | YES | 1.11.0 | [CVE-2018-1002205](https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245) | [7/5/2018](https://github.com/haf/DotNetZip.Semverd/compare/master...shana:bugs/relative-paths?expand=1) |
| .NET library | [SharpCompress](https://github.com/adamhathcock/sharpcompress) | .NET | YES | 0.21.0 | [CVE-2018-1002206](https://snyk.io/vuln/SNYK-DOTNET-SHARPCOMPRESS-60246) | [2/5/2018](https://github.com/adamhathcock/sharpcompress/blob/2a5494a804dd3d6f5bec1ec79a52d54ffce610f5/src/SharpCompress/Archives/IArchiveEntryExtensions.cs#L58-L67) |
| Go library | [mholt/archiver](https://github.com/mholt/archiver) | Go | YES | e4ef56d4 | [CVE-2018-1002207](https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071) | [17/4/2018](https://github.com/mholt/archiver/pull/65) |
| Go library | [mholt/archiver](https://github.com/mholt/archiver) | Go | YES | N/A | [CVE-2019-10743](https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARC-174728) |
| Oracle | [java.util.zip](https://docs.oracle.com/javase/8/docs/api/index.html?java/util/zip/package-summary.html) | Java | * No High Level API | Documentation Fix | N/A | |
| Apache | [commons-compress](https://github.com/apache/commons-compress/) | Java | * No High Level API | Documentation Fix | N/A | [23/4/2018](https://github.com/apache/commons-compress/commit/97867f6fa3634c77dfafd76c89ecb1087f5cd1ae#diff-1d31ec0d64a29d487ff7377fd8d20cddR359) |
| .NET library | [SharpZipLib](https://github.com/icsharpcode/SharpZipLib) | .NET | YES | v1.0.0 | [CVE-2018-1002208](https://snyk.io/vuln/SNYK-DOTNET-SHARPZIPLIB-60247) | [19/8/2018](https://github.com/icsharpcode/SharpZipLib/commit/5376c2daf1c0e0665398dee765af2047e43146ca) |
Expand Down

0 comments on commit 64aa75b

Please sign in to comment.