Filtered by vendor Hashicorp
Filtered by product Go-slug
Total: 2 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2025-0377 | 1 Hashicorp | 1 Go-slug | 2025-02-12 | 7.5 High | HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry.
CVE-2020-29529 | 2 Hashicorp, Redhat | 2 Go-slug, Acm | 2024-11-21 | 7.5 High | HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.