CNNVD-202511-714 Information

CNNVD ID

CNNVD-202511-714

Related CVE

CVE-2025-64346

• CNNVD Published: 2025-11-07

Description (Chinese)

archives是法国Matt Holt个人开发者的一个跨平台、多格式的 Go 库。 archives 1.0.0版本存在路径遍历漏洞，该漏洞源于未对特制压缩包进行有效防护，可能导致远程代码执行或文件修改。

Description (English)

Archives is a cross-platform, multiformatted Go library of the French personal developer Matt Holt. ARchives 1.0.0 has a loophole in the path, which stems from the lack of effective protection against specially designed compression packages, which may lead to remote code execution or document modification.

Hazard Level

Medium

Vulnerability Type

路径遍历

Affected Vendor

个人开发者

Published

2025-11-07

Last Modified

2026-02-24

References

https://github.com/jaredallard/archives/commit/3bddec7bd3f38afbe97ae61d1c8a8487e9ea4ef1 https://github.com/jaredallard/archives/security/advisories/GHSA-j95m-rcjp-q69h https://access.redhat.com/security/cve/cve-2025-64346

Patch

https://github.com/jaredallard/archives/releases