Due to improper path sanitization, RPMs containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
{ "url": "https://pkg.go.dev/vuln/GO-2020-0042", "review_status": "REVIEWED" }
{ "imports": [ { "symbols": [ "Extract" ], "path": "github.com/sassoftware/go-rpmutils/cpio" } ] }