github.com/hashicorp/go-slug vulnerabilities
2 known vulnerabilities affecting github.com/hashicorp/go-slug.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1
Vulnerabilities
CVE-2025-0377 | CRITICAL | CVSS 9.1 | ≥ 0, < 0.16.3 | 2025-01-21
CVE-2025-0377 [CRITICAL] CWE-59 HashiCorp go-slug Vulnerable to Zip Slip Attack
## Summary
HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. This vulnerability, identified as CVE-2025-0377, is fixed in go-slug 0.16.3.
## Background
HashiCorp’s go-slug shared library offers functions for packing and unpacking Terraform Enterprise compatible slugs. Slugs are
ghsa, osv
CVE-2020-29529 | HIGH | ≥ 0, < 0.5.0 | 2023-02-06
CVE-2020-29529 [HIGH] CWE-22 Unsafe tar unpacking in HashiCorp go-slug
HashiCorp go-slug before 0.5.0 does not address attempts at directory traversal involving ../ and symlinks.
ghsa, osv