CVE-2024-24789

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file whose contents vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.

Open
LOW (3.4)
  • Tim Bastin detected CVE-2024-24789 with a risk of 3.35

  • System updated the risk assessment from 3.35 to 1.67

    System recalculated raw risk assessment

  • Tim Bastin fixed CVE-2024-24789

  • Tim Bastin detected CVE-2024-24789 with a risk of 3.35

  • System updated the risk assessment from 3.35 to 1.67

    System recalculated raw risk assessment

  • System updated the risk assessment from 1.67 to 3.35

    System recalculated raw risk assessment

  • System removed scanner:

  • System removed scanner:

  • System removed scanner:

  • Tim Bastin fixed CVE-2024-24789

  • System detected CVE-2024-24789 with a risk of 3.35

  • Tim Bastin fixed CVE-2024-24789

  • System detected CVE-2024-24789 with a risk of 3.35


Affected component

golang stdlib

Installed version: 1.21.8
Fixed in: v1.21.11

Copyright © 2025 L3montree GmbH and the DevGuard Contributors. All rights reserved. Version 667098114b5ef45c7830e7aa599604fa65eb818f