Filtered by vendor Hashicorp Subscriptions
Filtered by product Go-slug Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-0377 1 Hashicorp 1 Go-slug 2025-02-12 7.5 High
HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry.
CVE-2020-29529 2 Hashicorp, Redhat 2 Go-slug, Acm 2024-11-21 7.5 High
HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.