CVE-2024-47877

MEDIUM Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-22
View all →

Vulnerability Description

Extract is aA Go library to extract archives in zip, tar.gz or tar.bz2 formats. A maliciously crafted archive may allow an attacker to create a symlink outside the extraction target directory. This vulnerability is fixed in 4.0.0. If you're using the Extractor.FS interface, then upgrading to /v4 will require to implement the new methods that have been added.

Related Vulnerabilities

CVE-2007-3967

HIGH
CVSS:7.5(High)

Directory traversal vulnerability in index.php in PHP Directory Lister (dirLIST) before 0.1.1 allows remote attackers to list the contents of a parent directory via a .. (dot dot) in the folder parame...

CWE-222007

CVE-2008-3939

HIGH
CVSS:7.5(High)

Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.

CWE-222008

CVE-2010-0013

HIGH
CVSS:7.5(High)

Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/...

CWE-222010

CVE-2010-10011

HIGH
CVSS:7.5(High)

A vulnerability, which was classified as problematic, was found in Acritum Femitter Server 1.04. Affected is an unknown function. The manipulation leads to path traversal. It is possible to launch the...

CWE-222010

CVE-2010-5334

HIGH
CVSS:7.5(High)

IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain paramet...

CWE-222010