Skip to main content

Go Slug

2 CVEs product

Monthly

CVE-2025-0377 Go HIGH PATCH This Month

HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Go Slug Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-29529 Go HIGH POC PATCH This Week

HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Hashicorp Path Traversal Go Slug
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
EPSS 0% CVSS 7.5
HIGH PATCH This Month

HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Go Slug +2
NVD
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Hashicorp Path Traversal Go Slug
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy