CVE-2020-36566: tar-utils Path Traversal vulnerability

December 28, 2022 (updated December 30, 2022)

Due to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.

References

github.com/advisories/GHSA-jpf8-h7h7-3ppm
github.com/whyrusleeping/tar-utils/commit/20a61371de5b51380bbdb0c7935b30b0625ac227
nvd.nist.gov/vuln/detail/CVE-2020-36566
pkg.go.dev/vuln/GO-2021-0106
snyk.io/research/zip-slip-vulnerability

Code Behaviors & Features

Detect and mitigate CVE-2020-36566 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →