Vulnerability Description
Due to improper path sanitization, archives containing entries with relative file paths (for example, names with `..` components, the Zip Slip pattern) can cause files to be written or overwritten outside of the target directory when the archive is extracted.
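The pattern behind this class of bug, shown as an added example written for this page rather than code taken from tar-utils or its fix: a constructed tar archive carries one ordinary entry and one whose name is `../evil.txt`. The vulnerable extractor joins each entry name onto the destination with `filepath.Join` and writes wherever the cleaned path lands; the hardened variant (`SafeJoin`, a hypothetical helper, not the project's actual patch) rejects any entry that does not stay under the destination. `sampleEntries`, `Extract` and the temporary-directory layout are all assumptions of the example.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

type entry struct{ name, body string }
// sampleEntries is a constructed archive: one benign file plus one Zip-Slip-style entry.
var sampleEntries = []entry{
	{"docs/readme.txt", "hello\n"},
	{"../evil.txt", "pwned\n"},
}

// buildArchive serialises entries into an in-memory tar archive.
func buildArchive(entries []entry) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, e := range entries {
		if err := tw.WriteHeader(&tar.Header{Name: e.name, Mode: 0o644, Size: int64(len(e.body)), Typeflag: tar.TypeReg}); err != nil {
			panic(err)
		}
		if _, err := tw.Write([]byte(e.body)); err != nil {
			panic(err)
		}
	}
	tw.Close() // writes to a bytes.Buffer cannot fail
	return buf.Bytes()
}

var ErrPathTraversal = errors.New("tar entry escapes destination directory")

// SafeJoin joins name onto dst and rejects the result unless it stays inside dst. Join cleans
// the path, so "../x" and "a/../../x" both surface as escapes, while an absolute name is
// confined under dst. Hypothetical hardening for this example, not tar-utils' fix.
func SafeJoin(dst, name string) (string, error) {
	cleanDst := filepath.Clean(dst)
	target := filepath.Join(cleanDst, name)
	if target != cleanDst && !strings.HasPrefix(target, cleanDst+string(os.PathSeparator)) {
		return "", fmt.Errorf("%w: %q", ErrPathTraversal, name)
	}
	return target, nil
}

// Extract unpacks regular files from archive into dst and returns the paths it wrote.
// checkPaths=false reproduces the vulnerable pattern (join, then write); true uses SafeJoin.
func Extract(dst string, archive []byte, checkPaths bool) ([]string, error) {
	var written []string
	tr := tar.NewReader(bytes.NewReader(archive))
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return written, nil
		}
		if err != nil {
			return written, err
		}
		target := filepath.Join(dst, hdr.Name) // vulnerable on its own: "../x" resolves above dst
		if checkPaths {
			if target, err = SafeJoin(dst, hdr.Name); err != nil {
				return written, err
			}
		}
		if hdr.Typeflag != tar.TypeReg {
			continue // directories, symlinks, etc. are out of scope for this example
		}
		if err := os.MkdirAll(filepath.Dir(target), 0o755); err != nil {
			return written, err
		}
		f, err := os.OpenFile(target, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, os.FileMode(hdr.Mode))
		if err != nil {
			return written, err
		}
		_, err = io.Copy(f, tr)
		f.Close()
		if err != nil {
			return written, err
		}
		written = append(written, target)
	}
}

func main() {
	root, err := os.MkdirTemp("", "zipslip-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	archive := buildArchive(sampleEntries)
	w, err := Extract(filepath.Join(root, "vuln"), archive, false)
	fmt.Println("vulnerable extractor wrote:", w, err) // evil.txt lands in root, beside vuln/
	w, err = Extract(filepath.Join(root, "fixed"), archive, true)
	fmt.Println("hardened extractor wrote:", w, err)
}
```

Run with `go run`: the vulnerable pass reports a file written beside, not inside, the `vuln` directory, while the hardened pass stops at the first offending entry. The name check alone is not the whole story for real extractors: a symlink entry pointing outside the destination, followed by a file entry written through it, is a separate escape, so symlink entries must be rejected or resolved against the destination as well.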
CVSS Score
9.1 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tar-Utils Project | Tar-Utils | < 0.0.0-20201201191210-20a61371de5b |
Related Weaknesses (CWE)
References
- https://github.com/whyrusleeping/tar-utils/commit/20a61371de5b51380bbdb0c7935b30 (Patch; Third Party Advisory)
- https://pkg.go.dev/vuln/GO-2021-0106 (Third Party Advisory)
- https://snyk.io/research/zip-slip-vulnerability (Technical Description; Third Party Advisory)
FAQ
What is CVE-2020-36566?
CVE-2020-36566 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
How severe is CVE-2020-36566?
CVE-2020-36566 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-36566?
Yes. The fix is the tar-utils commit listed in the references above. Per the affected-versions table, versions before 0.0.0-20201201191210-20a61371de5b are vulnerable, so update to that pseudo-version or later; the Go vulnerability database entry GO-2021-0106 tracks the issue.