From 6a9ef28975dc14aacda7e187173e65093707d016 Mon Sep 17 00:00:00 2001
From: Bishop
Date: Fri, 3 Jul 2020 06:21:06 +0000
Subject: [PATCH] Add CVE-2020-7668
---
database/java/2020/7668.yaml | 15 +++++++++++++++
1 file changed, 15 insertions(+)
create mode 100644 database/java/2020/7668.yaml
diff --git a/database/java/2020/7668.yaml b/database/java/2020/7668.yaml
new file mode 100644
index 0000000000..5cec4d425b
--- /dev/null
+++ b/database/java/2020/7668.yaml
@@ -0,0 +1,15 @@
+---
+cve: 2020-7668
+title: CVE in com.classactionpl.tz:zoneinfo-tz
+description: >
+ The ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide.
+cvss_v2: 5.0
+references:
+ - https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUNKNWONCAETZ-570384
+affected:
+ - groupId: com.classactionpl.tz
+ artifactId: zoneinfo-tz
+ version:
+ []
+ fixedin:
+ - ">=1.0.1"
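Review bot: The `affected` block names the Maven coordinate `com.classactionpl.tz:zoneinfo-tz`, but the only reference is a Snyk advisory filed under Golang (`SNYK-GOLANG-GITHUBCOMUNKNWONCAETZ-570384`), and the description is about an `ExtractTo` function unpacking zip archives. That reads like a Go archive package rather than a Java timezone artifact, so the coordinate may have been matched on the `tz` name alone. If so, this entry will flag Java projects that are not affected, and it should be confirmed against the upstream advisory before it lands under `database/java`. Separately, `version: []` next to `fixedin: ">=1.0.1"` leaves the affected range empty, so a consumer may match nothing or everything depending on how it treats an empty list. The range should be stated explicitly, along with the source for the 1.0.1 fix version. The generic `title: CVE in …` would also be more useful to triagers if it named the weakness, e.g. `title: Zip path traversal in ExtractTo`.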