HashiCorp go-slug vulnerabilities
2 known vulnerabilities affecting hashicorp/go-slug.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1
Vulnerabilities
CVE-2025-0377 [CRITICAL] CVSS 9.1, CWE-59, fixed in 0.16.3, 2025-01-21
HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry.
nvd
CVE-2020-29529 [HIGH] CVSS 7.5, CWE-22, fixed in 0.5.0, 2020-12-03
HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.
nvd