CVE-2024-0406 Archiver Path Traversal vulnerability

Open earl-warren opened this issue 1 year ago • 7 comments

https://pkg.go.dev/vuln/GO-2024-2698 was published today and makes https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck fail.

earl-warren, Jun 05 '24 18:06

That's only if using 3.5.1; 3.5.2 is good: https://github.com/advisories/GHSA-rhh4-rh7c-7r5v

earl-warren, Jun 05 '24 19:06

But 3.5.2 is not released yet. It is only available in a fork.

earl-warren, Jun 05 '24 19:06

@mholt Any chance to publish a v3.5.2 as a fix?

viceice, Jul 05 '24 11:07

@mholt I am also looking for the fix of this CVE. Any chance we are going to publish v3.5.2 this week?

rathinikunj, Jul 08 '24 07:07

I'd also like to see a release of this. Our build is failing with govulncheck because of this.

rpmoore, Jul 23 '24 06:07

@mholt Just checking in again to know if you plan to release the CVE-free version soon.

rathinikunj, Sep 07 '24 03:09

@mholt Just rechecking if we will get a CVE-free version any time soon?

ddhawal, Oct 16 '24 07:10