5 matches found
Go-huge-util vulnerable to path traversal when unzipping files
Impact: ZipSlip issue when using the fsutil package to unzip files. When users use zip.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. Patches: It has been fixed in v0.0.34; please upgrade to v0.0.34 or above. Workarounds: No, users have to upgrade...
Access Restriction Bypass in kubernetes
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object. Specific Go Packages Affected: github.com/kubernetes/kubernetes/pkg/apiserver...
GHSA-Q2QR-3C2P-9235 Denial of Service (DoS) in HashiCorp Consul
HashiCorp Consul and Consul Enterprise could crash when configured with an abnormally-formed service-router entry. Introduced in 1.6.0, fixed in 1.6.6 and 1.7.4. Specific Go Packages Affected: github.com/hashicorp/consul/agent/consul/discoverychain...
Plugin archive directory traversal in Helm
The Helm core maintainers have identified an information disclosure vulnerability in Helm 3.0.0-3.2.3. Impact: A traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and...
GHSA-JP4J-47F9-2VC3 Integer Overflow or Wraparound in NATS Server
An integer overflow in NATS Server before 2.2.0 allows a remote attacker to crash the server by sending a crafted request. Specific Go Packages Affected: github.com/nats-io/nats-server/v2/server...