Vulnerability Report: GO-2022-0787

CVE-2020-26277, GHSA-47wr-426j-fr82
Affects: github.com/datacharmer/dbdeployer
Published: Aug 21, 2024
Unreviewed

Symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations in dbdeployer in github.com/datacharmer/dbdeployer

For detailed information about this vulnerability, visit https://github.com/datacharmer/dbdeployer/security/advisories/GHSA-47wr-426j-fr82 or https://nvd.nist.gov/vuln/detail/CVE-2020-26277.

Affected Modules

Path

Go Versions
github.com/datacharmer/dbdeployer

before v1.58.2

Aliases

CVE-2020-26277
GHSA-47wr-426j-fr82

References

https://github.com/datacharmer/dbdeployer/security/advisories/GHSA-47wr-426j-fr82
https://nvd.nist.gov/vuln/detail/CVE-2020-26277
https://github.com/datacharmer/dbdeployer/commit/548e256c1de2f99746e861454e7714ec6bc9bb10
https://vuln.go.dev/ID/GO-2022-0787.json

Feedback

This report is unreviewed. It was automatically generated from a third-party source and its details have not been verified by the Go team.

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL