Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Romeo is vulnerable to Archive Slip due to missing checks in sanitization
Vulnerability Description
Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.2, the `sanitizeArchivePath` function in `webserver/api/v1/decoder.go` (lines 80-88) is vulnerable to a path traversal bypass due to a missing trailing path separator in the `strings.HasPrefix` check. A crafted tar archive can write files outside the intended destination directory. Version 0.2.2 fixes the issue.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Romeo 路径遍历漏洞
Vulnerability Description
Romeo是CTFer.io开源的一个Go应用代码覆盖率计算工具。 Romeo 0.2.2之前版本存在路径遍历漏洞,该漏洞源于路径遍历检查存在缺陷,可能导致任意文件写入。
CVSS Information
N/A
Vulnerability Type
N/A