Go Slug

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2025-0377 Go HIGH PATCH This Month

HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Hashicorp Suse Go Slug

NVD

CVSS 3.1

7.5

EPSS

0.5%

CVE-2025-0377 Go

EPSS 0% CVSS 7.5

HIGH PATCH This Month

HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Hashicorp +2

NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy