PT-2025-3860 · Hashicorp +1 · Go-Slug +1

Name of the Vulnerable Software and Affected Versions: HashiCorp go-slug versions prior to 0.16.3 Description: The go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. This occurs because the unpacking step improperly...