Vulnerability Report: GO-2024-2849
- CVE-2020-26312, GHSA-hf54-fq2m-p9v6
- Affects: github.com/dotmesh-io/dotmesh
- Published: Jun 05, 2024
- Unreviewed
dotmesh arbitrary file read and/or write in github.com/dotmesh-io/dotmesh
For detailed information about this vulnerability, visit https://github.com/advisories/GHSA-hf54-fq2m-p9v6, https://nvd.nist.gov/vuln/detail/CVE-2020-26312, or https://securitylab.github.com/advisories/GHSL-2020-254-zipslip-dotmesh.
Affected Modules
-
PathGo Versions
-
all versions, no known fixed
Aliases
References
- https://github.com/advisories/GHSA-hf54-fq2m-p9v6
- https://nvd.nist.gov/vuln/detail/CVE-2020-26312
- https://securitylab.github.com/advisories/GHSL-2020-254-zipslip-dotmesh
- https://github.com/dotmesh-io/dotmesh/blob/master/pkg/archiver/tar.go#L255
- https://vuln.go.dev/ID/GO-2024-2849.json
Feedback
This report is unreviewed. It was automatically generated from a third-party source and its details have not been verified by the Go team.
See anything missing or incorrect?
Suggest an edit to this report.