Lucene search
K

13 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-0600

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.02783EPSS
Exploits1References10
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 2:34 a.m.90 views

Security Bulletin: For IBM Cloudpak for Watson AIOPS 3.5.1

Summary This SB contains a list for all CVE's listed here - CVE-2022-36083, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2021-21797, CVE-2022-35941, CVE-2021-42248, CVE-2021-42836, CVE-2022-40186, CVE-2022-41316, CVE-2021-36090, CVE-2020-29529, CVE-2020-7219 fixed in 3.5.1 Vulnerability...

9.1CVSS8.5AI score0.15046EPSS
Exploits4Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/03 7:28 a.m.11 views

CVE-2025-0377

An archive extraction vulnerability was found in HashiCorp's go-slug library. When go-slug performs an extraction, the filename/extraction path is taken from the tar entry via the header.Name. It was discovered that the unpacking step improperly validated paths, potentially leading to path...

7.5CVSS6.8AI score0.00667EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/01/21 6:31 p.m.27 views

HashiCorp go-slug Vulnerable to Zip Slip Attack

Summary HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. This vulnerability, identified as CVE-2025-0377, is fixed in go-slug 0.16.3. Background HashiCorp’s go-slug shared library offers functions for...

9.1CVSS6.8AI score0.00667EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/01/21 6:31 p.m.8 views

GHSA-WPFP-CM49-9M9Q HashiCorp go-slug Vulnerable to Zip Slip Attack

Summary HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. This vulnerability, identified as CVE-2025-0377, is fixed in go-slug 0.16.3. Background HashiCorp’s go-slug shared library offers functions for...

7.5CVSS7.4AI score0.00667EPSS
Exploits0References3
NVD
NVD
added 2025/01/21 4:15 p.m.12 views

CVE-2025-0377

HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry...

9.1CVSS0.00667EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/21 3:23 p.m.5 views

CVE-2025-0377 HashiCorp go-slug Vulnerable to Zip Slip Attack

HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry...

7.5CVSS7.5AI score0.00667EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/21 3:23 p.m.20 views

CVE-2025-0377 HashiCorp go-slug Vulnerable to Zip Slip Attack

HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry...

7.5CVSS0.00667EPSS
Exploits0References1
CVE
CVE
added 2025/01/21 3:23 p.m.286 views

CVE-2025-0377

CVE-2025-0377 – HashiCorp go-slug : Zip-slip style path traversal during tar extraction when a non-existent user-provided path is processed. This can allow writing arbitrary files during extraction. Remediation: upgrade go-slug to 0.16.3 or later (the advisory notes the fix is included in 0.16.3)...

9.1CVSS7.5AI score0.00667EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2021/01/08 12:51 p.m.28 views

CVE-2020-29529

HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0...

7.5CVSS3.4AI score0.02783EPSS
Exploits1References3
Cvelist
Cvelist
added 2020/12/03 7:4 p.m.27 views

CVE-2020-29529

HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0...

7.5AI score0.02783EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2020/12/03 7:4 p.m.24 views

CVE-2020-29529

HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0...

7.5CVSS7.6AI score0.02783EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2020/12/03 12:0 a.m.4 views

PT-2020-17183 · Hashicorp · Go-Slug

Name of the Vulnerable Software and Affected Versions: HashiCorp go-slug versions 0.4.3 and earlier Description: The issue allows a malicious attacker to bypass protections against directory traversal during archive extraction by chaining multiple symbolic links within the archive. This enables t...

7.5CVSS7.3AI score0.02783EPSS
Exploits1References18
Rows per page
Query Builder