Vulnerabilities (CVE)

Filtered by vendor Hashicorp Subscribe
Filtered by product Go-slug
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-29529 1 Hashicorp 1 Go-slug 2024-02-28 5.0 MEDIUM 7.5 HIGH
HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.