CVE-2024-47877

7.5 HIGH

📋 TL;DR

CVE-2024-47877 is a path traversal vulnerability in the Extract Go library that allows attackers to create symbolic links outside the intended extraction directory via malicious archives. This affects applications using vulnerable versions of the extract library to process archive files. Attackers could potentially write files to arbitrary locations on the filesystem.

💻 Affected Systems

Products:
  • extract Go library
Versions: All versions before 4.0.0
Operating Systems: All platforms where Go applications run
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects applications using the Extractor.FS interface. Applications using other interfaces may not be vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise through arbitrary file write leading to remote code execution, privilege escalation, or data destruction.

🟠 Likely Case: Unauthorized file creation/modification in sensitive directories, potentially leading to data leakage, service disruption, or lateral movement.

🟢 If Mitigated: Limited impact if extraction occurs in isolated containers with restricted filesystem permissions and input validation.

🌐 Internet-Facing: HIGH - Applications processing user-uploaded archives from the internet are directly exposed.
🏢 Internal Only: MEDIUM - Internal systems processing archives from trusted sources still face risk from supply chain attacks or insider threats.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only a malicious archive file. No authentication needed if application processes untrusted archives.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.0.0

Vendor Advisory: https://github.com/codeclysm/extract/security/advisories/GHSA-8rm2-93mq-jqhc

Restart Required: No

Instructions:

  1. Update go.mod to require github.com/codeclysm/extract/v4 v4.0.0 or later.
  2. Run 'go mod tidy'.
  3. Update code to implement the new methods of the Extractor.FS interface.
  4. Rebuild and redeploy the application.

🔧 Temporary Workarounds

Extract to isolated directory (Platform: all)

Extract archives to a temporary directory with restricted permissions before processing contents.

mkdir -p /tmp/extract_isolated && chmod 700 /tmp/extract_isolated

Validate archive contents (Platform: all)

Scan archive contents for symlinks and suspicious paths before extraction.

Use 'tar -tf archive.tar' or 'unzip -l archive.zip' to list contents
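The pre-extraction check above can be automated. The following Go program is an added example written for this page; it is not code from the codeclysm/extract project and does not show how that library implements its fix. It reads a tar stream, and for every entry decides whether the entry name, or (for symlink entries) the link target resolved relative to the link's own directory, would land outside an assumed extraction root of /srv/extract. The archive it scans is constructed in memory for the demonstration, with two benign entries and two symlinks that point outside the root.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// outsideRoot reports whether the cleaned path p lies outside root.
// This is a purely lexical check: it does not follow symlinks already on disk.
func outsideRoot(root, p string) bool {
	rel, err := filepath.Rel(root, p)
	if err != nil {
		return true // different volume or otherwise unrelatable: treat as an escape
	}
	return rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// symlinkEscapes reports whether a symlink entry `name` -> `target`, created
// under the extraction root, would point outside that root. Relative targets
// resolve against the directory the link is created in; absolute targets are
// taken as-is. The entry name itself is also checked for traversal.
func symlinkEscapes(root, name, target string) bool {
	root = filepath.Clean(root)
	linkPath := filepath.Join(root, name)
	if outsideRoot(root, linkPath) {
		return true
	}
	var resolved string
	if filepath.IsAbs(target) {
		resolved = filepath.Clean(target)
	} else {
		resolved = filepath.Join(filepath.Dir(linkPath), target)
	}
	return outsideRoot(root, resolved)
}

// scanTar returns the names of entries that would land outside root:
// symlinks with escaping targets, and any entry whose name climbs out of root.
func scanTar(root string, archive []byte) ([]string, error) {
	var bad []string
	tr := tar.NewReader(bytes.NewReader(archive))
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return bad, nil
		}
		if err != nil {
			return nil, err
		}
		target := "." // non-symlink entries: only the name is checked
		if hdr.Typeflag == tar.TypeSymlink {
			target = hdr.Linkname
		}
		if symlinkEscapes(root, hdr.Name, target) {
			bad = append(bad, hdr.Name)
		}
	}
}

type entry struct {
	name, link string
	typ        byte
	body       string
}

// buildTar writes the entries into an in-memory tar stream.
func buildTar(entries []entry) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, e := range entries {
		hdr := &tar.Header{Name: e.name, Typeflag: e.typ, Linkname: e.link,
			Mode: 0o644, Size: int64(len(e.body))}
		if err := tw.WriteHeader(hdr); err != nil {
			panic(err)
		}
		if len(e.body) > 0 {
			if _, err := tw.Write([]byte(e.body)); err != nil {
				panic(err)
			}
		}
	}
	if err := tw.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

// sampleArchive is a constructed test archive (not a real-world sample): two
// benign entries and two symlinks that would resolve outside the extraction root.
func sampleArchive() []byte {
	return buildTar([]entry{
		{name: "README.txt", typ: tar.TypeReg, body: "hello\n"},
		{name: "docs/readme-link", typ: tar.TypeSymlink, link: "../README.txt"},
		{name: "escape", typ: tar.TypeSymlink, link: "../../outside-root"},
		{name: "abs", typ: tar.TypeSymlink, link: "/outside-root/target"},
	})
}

func main() {
	// Assumed extraction root for the demonstration.
	bad, err := scanTar("/srv/extract", sampleArchive())
	if err != nil {
		panic(err)
	}
	fmt.Println("entries that would escape the extraction root:", bad)
}
```

The check is lexical, which is enough to reject an archive before extraction but not a substitute for the library fix: once entries are written to disk, a later entry can traverse through a symlink created by an earlier one, so an extractor must validate against the real filesystem (or refuse symlink entries altogether). Hard-link entries carry a target relative to the archive root rather than the link's directory and need their own check. For a manual review, `tar -tvf` prints each symlink together with its target, whereas `unzip -l` lists names only.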

🧯 If You Can't Patch

  • Implement strict input validation to reject archives from untrusted sources.
  • Run extraction processes in containers with read-only root filesystems and minimal privileges.

🔍 How to Verify

Check if Vulnerable:

Check go.mod for 'github.com/codeclysm/extract' dependency with version <4.0.0.

Check Version:

grep 'codeclysm/extract' go.mod

Verify Fix Applied:

Verify go.mod requires 'github.com/codeclysm/extract/v4 v4.0.0+' and code implements new Extractor.FS methods.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected file creation outside extraction directory
  • Permission denied errors for symlink creation

Network Indicators:

  • Large archive uploads followed by unusual file system activity

SIEM Query:

source="application.logs" AND ("symlink" OR "extract" OR "archive") AND ("permission denied" OR "outside directory")

🔗 References
