33 matches found
EUVD-2023-0600
Malicious code in bioql PyPI...
EUVD-2025-0202
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-29529
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific...
Security Bulletin: For IBM Cloudpak for Watson AIOPS 3.5.1
Summary This SB contains a list for all CVE's listed here - CVE-2022-36083, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2021-21797, CVE-2022-35941, CVE-2021-42248, CVE-2021-42836, CVE-2022-40186, CVE-2022-41316, CVE-2021-36090, CVE-2020-29529, CVE-2020-7219 fixed in 3.5.1 Vulnerability...
CVE-2025-0377
An archive extraction vulnerability was found in HashiCorp's go-slug library. When go-slug performs an extraction, the filename/extraction path is taken from the tar entry via the header.Name. It was discovered that the unpacking step improperly validated paths, potentially leading to path...
GO-2025-3413 HashiCorp go-slug Vulnerable to Zip Slip Attack in github.com/hashicorp/go-slug
HashiCorp go-slug Vulnerable to Zip Slip Attack in github.com/hashicorp/go-slug...
Relative Path Traversal
github.com/hashicorp/go-slug is vulnerable to Relative Path Traversal. The vulnerability is due to improper path validation when extracting user-provided paths from tar entries, allowing for directory traversal and potential overwriting of arbitrary files...
SUSE CVE-2025-0377
HashiCorp's go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry...
GHSA-WPFP-CM49-9M9Q HashiCorp go-slug Vulnerable to Zip Slip Attack
Summary HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. This vulnerability, identified as CVE-2025-0377, is fixed in go-slug 0.16.3. Background HashiCorp’s go-slug shared library offers functions for...
HashiCorp go-slug Vulnerable to Zip Slip Attack
Summary HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. This vulnerability, identified as CVE-2025-0377, is fixed in go-slug 0.16.3. Background HashiCorp’s go-slug shared library offers functions for...
CVE-2025-0377
HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry...
HashiCorp go-slug Vulnerable to Zip Slip Attack
Summary HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. This vulnerability, identified as CVE-2025-0377, is fixed in go-slug 0.16.3. Background HashiCorp’s go-slug shared library offers functions for...
CVE-2025-0377 HashiCorp go-slug Vulnerable to Zip Slip Attack
HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry...
CVE-2025-0377 HashiCorp go-slug Vulnerable to Zip Slip Attack
HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry...
CVE-2025-0377 HashiCorp go-slug Vulnerable to Zip Slip Attack
HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry...
CVE-2025-0377
CVE-2025-0377 – HashiCorp go-slug : Zip-slip style path traversal during tar extraction when a non-existent user-provided path is processed. This can allow writing arbitrary files during extraction. Remediation: upgrade go-slug to 0.16.3 or later (the advisory notes the fix is included in 0.16.3)...
PT-2025-3860 · Hashicorp +1 · Go-Slug +1
Name of the Vulnerable Software and Affected Versions: HashiCorp go-slug versions prior to 0.16.3 Description: The go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. This occurs because the unpacking step improperly...
Hashicorp Go-slug 后置链接漏洞
HashiCorp Hashicorp Go-slug is a Go-based codebase for packing and unpacking files from HashiCorp, USA. A security vulnerability exists in Hashicorp Go-slug version 0.16.2 and earlier, which stems from the fact that HashiCorp's go-slug library is susceptible to a zip-slip style attack when...
GHSA-2G5J-5X95-R6HR Unsafe tar unpacking in HashiCorp go-slug
HashiCorp go-slug before 0.5.0 does not address attempts at directory traversal involving ../ and symlinks...
Unsafe tar unpacking in HashiCorp go-slug
HashiCorp go-slug before 0.5.0 does not address attempts at directory traversal involving ../ and symlinks...