8 matches found
GHSA-WPFP-CM49-9M9Q HashiCorp go-slug Vulnerable to Zip Slip Attack
Summary HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. This vulnerability, identified as CVE-2025-0377, is fixed in go-slug 0.16.3. Background HashiCorp’s go-slug shared library offers functions for...
HashiCorp go-slug Vulnerable to Zip Slip Attack
Summary HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. This vulnerability, identified as CVE-2025-0377, is fixed in go-slug 0.16.3. Background HashiCorp’s go-slug shared library offers functions for...
CVE-2025-0377 vulnerabilities
Vulnerabilities for packages: opentofu, terraform...
CVE-2025-0377 vulnerabilities
Vulnerabilities for packages: opentofu, vault, vault-fips, terraform, opentofu-fips, terraform-fips...
CVE-2025-0377
creationtimestamp| type| source ---|---|--- 2025-01-21 15:26:07+00:00| seen| https://infosec.exchange/users/cve/statuses/113867041464527765 2025-01-21 16:16:02+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgbasqustp2s 2025-01-21 16:49:40+00:00| seen|...
CVE-2025-0377 HashiCorp go-slug Vulnerable to Zip Slip Attack
HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry...
CVE-2025-0377
CVE-2025-0377 – HashiCorp go-slug : Zip-slip style path traversal during tar extraction when a non-existent user-provided path is processed. This can allow writing arbitrary files during extraction. Remediation: upgrade go-slug to 0.16.3 or later (the advisory notes the fix is included in 0.16.3)...
CVE-2025-0377 HashiCorp go-slug Vulnerable to Zip Slip Attack
HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry...