Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2020-0026" }
{ "imports": [ { "symbols": [ "New", "stiTar.ExtractTarStream", "stiTar.ExtractTarStreamFromTarReader", "stiTar.ExtractTarStreamWithLogging", "stiTar.extractLink" ], "path": "github.com/openshift/source-to-image/pkg/tar" } ] }