CVE-2021-27919

Aliases:GO-2021-0067BIT-golang-2021-27919

Advisory lineage Upstream: 0 Downstream: 3

Downstream

OPENSUSE-SU-2024:10809-1 SUSE-SU-2021:0937-1 UBUNTU-CVE-2021-27919

Modified

Published: 11 Mar 2021, 00:00

Last modified:03 Aug 2024, 21:33

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

v3.1 (nvd)

EPSS Score

0.13% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

11 Mar 2021, 00:00

Published

Vulnerability first disclosed

03 Aug 2024, 21:33

Last Modified

Vulnerability information updated

Description

archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename.

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 0.13%• Percentile: 32%

Affected Systems

fedoraproject•fedora
34 | 35
golang•go
≥ 1.16.0, < 1.16.1
Go•stdlib
≥ 1.16.0-0, < 1.16.1