CNNVD-202506-2141 Information

CNNVD ID

CNNVD-202506-2141

Related CVE

CVE-2025-5981

• CNNVD Published: 2025-06-18

Description (Chinese)

OSV-SCALIBR是Google开源的一个软件组合分析库。 OSV-SCALIBR存在安全漏洞，该漏洞源于unpack函数存在路径遍历问题，可能导致任意文件写入。

Description (English)

OSV-SCALIBR is an open-source software portfolio analysis library for Google. There is a security loophole in OSV-SCALIBR, which stems from the unpack function ’ s path-crossing problem, which may lead to the writing of any file.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

谷歌

Published

2025-06-18

Last Modified

2026-02-24

References

https://github.com/google/osv-scalibr/commit/2444419b1818c2d6917fc3394c947fb3276e9d59 https://github.com/google/osv-scalibr/releases/tag/v0.1.8

Patch

https://github.com/google/osv-scalibr/releases