Address GO-2020-0042
Due to improper path sanitization, RPMs containing relative file paths can cause files to be written (or overwritten) outside of the target directory.

Signed-off-by: Florian Lehner <dev@der-flo.net>
committed by
Brad Fitzpatrick
parent
1841d0bf98
commit
17348915fa
@@ -230,7 +230,7 @@ require (
|
||||
github.com/ryancurrah/gomodguard v1.2.3 // indirect
|
||||
github.com/ryanrolds/sqlclosecheck v0.3.0 // indirect
|
||||
github.com/sanposhiho/wastedassign/v2 v2.0.7 // indirect
|
||||
github.com/sassoftware/go-rpmutils v0.0.0-20190420191620-a8f1baeba37b // indirect
|
||||
github.com/sassoftware/go-rpmutils v0.1.0 // indirect
|
||||
github.com/securego/gosec/v2 v2.9.3 // indirect
|
||||
github.com/sergi/go-diff v1.2.0 // indirect
|
||||
github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c // indirect
|
||||
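Review bot: On the github.com/sassoftware/go-rpmutils line, the commit message names GO-2020-0042 but does not say that v0.1.0 is a release that contains the path sanitization fix, so a reader cannot confirm from this change alone that the bump from v0.0.0-20190420191620-a8f1baeba37b closes the issue. Please state the fixed version in the message. Because the requirement is marked "// indirect", it would also help to name the direct dependency that pulls in go-rpmutils and to confirm that the matching go.sum entries are updated in the same commit, since only this go.mod hunk is visible here.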