CVE-2021-27919 - log

CVE-2021-27919 edited at 11 Mar 2021 07:47:56
Description
- A security issue was found in Go before version 1.16.1. The Reader.Open API, new in Go 1.16, will panic when used on a ZIP archive containing files that start with “../”.
+ archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename.
CVE-2021-27919 edited at 10 Mar 2021 16:47:51
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Type
- Unknown
+ Denial of service
Description
+ A security issue was found in Go before version 1.16.1. The Reader.Open API, new in Go 1.16, will panic when used on a ZIP archive containing files that start with “../”.
References
+ https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw
+ https://github.com/golang/go/issues/44916
+ https://github.com/golang/go/commit/634d28d78ccbeb6e86f8bfeba030ea8be518f8fa
Notes
CVE-2021-27919 created at 10 Mar 2021 16:43:57