Aggregates CVE and security vulnerability intelligence across all u-root-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk path handling, with potential vendor impact file overwrite across vendor surface production workloads and vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-7669 | This affects all versions of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction. | [email protected] | 7.5 | 0.35% | 2020-09-01 | 2024-11-21 |
| CVE-2020-7666 | This affects all versions of package github.com/u-root/u-root/pkg/cpio. It is vulnerable to leading, non-leading relative path traversal attacks and symlink based (relative and absolute) path traversal attacks in cpio file extraction. | [email protected] | 7.5 | 0.51% | 2020-09-01 | 2024-11-21 |
| CVE-2020-7665 | This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction. | [email protected] | 7.5 | 0.15% | 2020-09-01 | 2024-11-21 |