Directory Traversal Vulnerability in mholt/archiver Golang Package
CVE-2018-1002207

5.5 MEDIUM

Key Information:

Vendor: Golang

Status
Vendor
CVE Published: 3 October 2022

What is CVE-2018-1002207?

The mholt/archiver Golang package is susceptible to a directory traversal vulnerability that can be exploited during archive extraction. The flaw lets an attacker step outside the intended directory structure using the '..' (dot dot) notation, potentially leading to unauthorized file writes on the file system. The vulnerability poses significant risk because it could enable unauthorized access to sensitive files or system configurations, which reinforces the need for developers to validate and sanitize paths before extracting.
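One way to apply the path validation described above when extracting an archive, as an added example that is not code from the archiver project or from this advisory. The helper name `safeJoin`, the destination `/tmp/extract` and the entry names are constructed for illustration.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// safeJoin (hypothetical helper) resolves an archive entry name under destDir
// and returns an error if the resolved path would land outside destDir.
func safeJoin(destDir, entryName string) (string, error) {
	// Archives built on Windows may use backslashes; normalise them so that
	// ".." segments are recognised on every platform.
	name := strings.ReplaceAll(entryName, "\\", "/")
	if name == "" || strings.HasPrefix(name, "/") || filepath.IsAbs(name) {
		return "", fmt.Errorf("absolute or empty entry name: %q", entryName)
	}
	base := filepath.Clean(destDir)
	// Join cleans the result, so ".." segments are resolved before the check.
	target := filepath.Join(base, filepath.FromSlash(name))
	rel, err := filepath.Rel(base, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("entry escapes destination: %q", entryName)
	}
	return target, nil
}

func main() {
	// Constructed entry names, as they could appear in archive headers.
	entries := []string{
		"docs/readme.txt",   // ordinary entry
		"a/../b.txt",        // ".." that stays inside the destination
		"..data/file",       // starts with ".." but is not a parent reference
		"../../outside.txt", // climbs out of the destination
		"..\\..\\outside",   // same, with Windows separators
		"/abs/path.txt",     // absolute path
	}
	for _, n := range entries {
		p, err := safeJoin("/tmp/extract", n)
		fmt.Printf("%-22q -> %q err=%v\n", n, p, err)
	}
}
```

The check covers entry names only. Symlink entries inside an archive can redirect later writes and need to be validated separately.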

Affected Version(s)

archiver < unspecified

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved