CVE-2022-41920
- Reference to the description:
- Description:
- Lancet is a general utility library for the go programming language. Affected versions are subject to a ZipSlip issue when using the fileutil package to unzip files. This issue has been addressed and a fix will be included in versions 2.1.10 and 1.3.4. Users are advised to upgrade. There are no known workarounds for this issue.
- Last updated date:
- 11/22/2022
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 11/22/2022
- Reference url to background
https://github.com/duke-git/lancet/security/advisories/GHSA-pp3f-xrw5-q5j4