Jared Allard

1 exploit Active since Nov 2025
CVE-2025-64346 WRITEUP MEDIUM WRITEUP
archives < 1.0.1 - Path Traversal and Remote Code Execution via Malicious Archive Extraction
archives is a Go library for extracting archives (tar, zip, etc.). Version 1.0.0 does not prevent a malicious user to feed a specially crafted archive to the library causing RCE, modification of files or other malignancies in the context of whatever the user is running this library as, through the program that imports it. Severity depends on user permissions, environment and how arbitrary archives are passed. This issue is fixed in version 1.0.1.