CVE-2026-32805 in romeo (Info)

Summary

by MITRE • 2026-03-19

Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.2, the `sanitizeArchivePath` function in `webserver/api/v1/decoder.go` (lines 80-88) is vulnerable to a path traversal bypass due to a missing trailing path separator in the `strings.HasPrefix` check. A crafted tar archive can write files outside the intended destination directory. Version 0.2.2 fixes the issue.
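The prefix-check flaw described above, shown beside a corrected check. This is an added illustration, not Romeo's code: the function names `weakSanitize` and `strictSanitize` and the directory `/srv/coverage/out` are assumptions made for the example.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

const sep = string(filepath.Separator)

// weakSanitize (hypothetical name) shows the flawed pattern: the joined path
// is compared to the destination with no trailing separator, so a sibling
// directory whose name merely starts with the destination's name passes.
func weakSanitize(dest, name string) (string, error) {
	p := filepath.Join(dest, name)
	if strings.HasPrefix(p, filepath.Clean(dest)) {
		return p, nil
	}
	return "", fmt.Errorf("illegal archive path: %q", name)
}

// strictSanitize (hypothetical name) anchors the comparison on a separator,
// so only the destination itself or paths beneath it are accepted.
func strictSanitize(dest, name string) (string, error) {
	root := filepath.Clean(dest)
	p := filepath.Join(root, name)
	prefix := root
	if !strings.HasSuffix(prefix, sep) { // root may already be "/"
		prefix += sep
	}
	if p != root && !strings.HasPrefix(p, prefix) {
		return "", fmt.Errorf("illegal archive path: %q", name)
	}
	return p, nil
}

func main() {
	dest := "/srv/coverage/out" // constructed destination directory
	// Constructed entry names: a normal file, a sibling-prefix name, a plain traversal.
	for _, name := range []string{"cover/a.out", "../out-sibling/a.out", "../../etc/x"} {
		_, weakErr := weakSanitize(dest, name)
		_, strictErr := strictSanitize(dest, name)
		fmt.Printf("%-22s weak accepts=%-5v strict accepts=%v\n",
			name, weakErr == nil, strictErr == nil)
	}
}
```

Only the second entry separates the two checks: both reject a plain `../../` traversal, which is why a test suite without a sibling-prefix case would not catch the missing separator.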


Responsible

GitHub M

Reserved

2026-03-16

Moderation

Accepted

Entry

VDB-351642

EPSS

0.00090

Sources
