Lucene search
K

8 matches found

OSV
OSV
added 2025/01/21 6:31 p.m.8 views

GHSA-WPFP-CM49-9M9Q HashiCorp go-slug Vulnerable to Zip Slip Attack

Summary HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. This vulnerability, identified as CVE-2025-0377, is fixed in go-slug 0.16.3. Background HashiCorp’s go-slug shared library offers functions for...

7.5CVSS7.4AI score0.00667EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/01/21 6:31 p.m.27 views

HashiCorp go-slug Vulnerable to Zip Slip Attack

Summary HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. This vulnerability, identified as CVE-2025-0377, is fixed in go-slug 0.16.3. Background HashiCorp’s go-slug shared library offers functions for...

9.1CVSS6.8AI score0.00667EPSS
Exploits0References3Affected Software1
Chainguard
Chainguard
added 2025/01/21 4:15 p.m.19 views

CVE-2025-0377 vulnerabilities

Vulnerabilities for packages: opentofu-fips, terraform, vault-fips, terraform-fips, opentofu, vault...

9.1CVSS7AI score0.00667EPSS
Exploits0
Wolfi
Wolfi
added 2025/01/21 4:15 p.m.6 views

CVE-2025-0377 vulnerabilities

Vulnerabilities for packages: opentofu, terraform...

9.1CVSS7AI score0.00667EPSS
Exploits0
Circl
Circl
added 2025/01/21 3:26 p.m.5 views

CVE-2025-0377

creationtimestamp| type| source ---|---|--- 2025-01-21 15:26:07+00:00| seen| https://infosec.exchange/users/cve/statuses/113867041464527765 2025-01-21 16:16:02+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgbasqustp2s 2025-01-21 16:49:40+00:00| seen|...

9.1CVSS7AI score0.00667EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/01/21 3:23 p.m.5 views

CVE-2025-0377 HashiCorp go-slug Vulnerable to Zip Slip Attack

HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry...

7.5CVSS7.5AI score0.00667EPSS
Exploits0References1
CVE
CVE
added 2025/01/21 3:23 p.m.286 views

CVE-2025-0377

CVE-2025-0377 – HashiCorp go-slug : Zip-slip style path traversal during tar extraction when a non-existent user-provided path is processed. This can allow writing arbitrary files during extraction. Remediation: upgrade go-slug to 0.16.3 or later (the advisory notes the fix is included in 0.16.3)...

9.1CVSS7.5AI score0.00667EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/01/21 3:23 p.m.20 views

CVE-2025-0377 HashiCorp go-slug Vulnerable to Zip Slip Attack

HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry...

7.5CVSS0.00667EPSS
Exploits0References1
Rows per page
Query Builder