Closed
Description
In GitHub Security Advisory GHSA-rhh4-rh7c-7r5v, there is a vulnerability in the following Go packages or modules:
| Unit | Fixed | Vulnerable Ranges |
|---|---|---|
| github.com/mholt/archiver | >= 3.0.0, <= 3.5.1 |
Cross references:
- Module github.com/mholt/archiver appears in issue x/vulndb: potential Go vuln in github.com/mholt/archiver: GHSA-5wmg-j84w-4jj4 #799 NOT_IMPORTABLE
- Module github.com/mholt/archiver appears in issue x/vulndb: potential Go vuln in github.com/mholt/archiver/cmd/arc: GHSA-h74j-692g-48mq #842 NOT_IMPORTABLE
See doc/triage.md for instructions on how to triage this report.
modules:
- module: github.com/mholt/archiver
versions:
- introduced: TODO (earliest fixed "", vuln range ">= 3.0.0, <= 3.5.1")
packages:
- package: github.com/mholt/archiver
- module: github.com/mholt/archiver
versions:
- introduced: TODO (earliest fixed "", vuln range ">= 3.0.0, <= 3.5.1")
packages:
- package: github.com/mholt/archiver/v3
summary: Archiver Path Traversal vulnerability
cves:
- CVE-2024-0406
ghsas:
- GHSA-rhh4-rh7c-7r5v
references:
- web: https://nvd.nist.gov/vuln/detail/CVE-2024-0406
- web: https://access.redhat.com/security/cve/CVE-2024-0406
- web: https://bugzilla.redhat.com/show_bug.cgi?id=2257749
- advisory: https://github.com/advisories/GHSA-rhh4-rh7c-7r5v