CVE-2020-7665

HIGH

u-root < 0.9.0 - Path Traversal in Zip File Extraction

Title source: llm
STIX 2.1

Description

This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction.

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUROOTUROOTPKGUZIP-570441
Patch, Third Party Advisory x_refsource_misc
https://github.com/u-root/u-root/pull/1817

Scores

CVSS v3 7.5
EPSS 0.0183
EPSS Percentile 76.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-22
Status published
Products (2)
u-root/u-root
u-root/u-root 0 - 0.9.0Go
Published Sep 01, 2020
Tracked Since Feb 18, 2026