5 matches found

Github Security Blog
added 2023/03/16 6:32 p.m., 24 views

Go-huge-util vulnerable to path traversal when unzipping files

Impact: ZipSlip issue when using the fsutil package to unzip files. When users use zip.Unzip to extract zip files supplied by a malicious attacker, they may be vulnerable to path traversal. Patches: fixed in v0.0.34; please upgrade to v0.0.34 or above. Workarounds: none, users have to upgrade...

CVSS 8.8, AI score 8.3, EPSS 0.00614
Exploits 0, References 5, Affected Software 1
OSV
added 2022/02/15 1:57 a.m., 23 views

GHSA-Q2QR-3C2P-9235 Denial of Service (DoS) in HashiCorp Consul

HashiCorp Consul and Consul Enterprise could crash when configured with an abnormally-formed service-router entry. Introduced in 1.6.0, fixed in 1.6.6 and 1.7.4. Specific Go Packages Affected github.com/hashicorp/consul/agent/consul/discoverychain...

CVSS 5.3, AI score 7.4, EPSS 0.01709
Exploits 0, References 5
Github Security Blog
added 2022/02/15 1:57 a.m., 44 views

Access Restriction Bypass in kubernetes

The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object. Specific Go Packages Affected github.com/kubernetes/kubernetes/pkg/apiserver...

CVSS 7.7, AI score 7.1, EPSS 0.01596
Exploits 0, References 8, Affected Software 1
Github Security Blog
added 2021/06/23 6:14 p.m., 67 views

Plugin archive directory traversal in Helm

The Helm core maintainers have identified an information disclosure vulnerability in Helm 3.0.0-3.2.3. Impact A traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and...

CVSS 8.5, AI score 6.6, EPSS 0.01458
Exploits 0, References 7, Affected Software 1
OSV
added 2021/05/18 6:14 p.m., 16 views

GHSA-JP4J-47F9-2VC3 Integer Overflow or Wraparound in NATS Server

An integer overflow in NATS Server before 2.2.0 allows a remote attacker to crash the server by sending a crafted request. Specific Go Packages Affected github.com/nats-io/nats-server/v2/server...

CVSS 7.5, AI score 7.4, EPSS 0.01739
Exploits 0, References 6