RSS   Vulnerabilities for 'Go-slug'   RSS

2020-12-03
 
CVE-2020-29529

CWE-59
 

 
HashiCorp go-slug up to 0.4.3 did not fully protect against Zip Slip attacks while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.

 

 >>> Vendor: Hashicorp 15 Products
Sentinel
Vault
Vagrant vmware fusion
Vagrant
Terraform
Consul
Nomad
Packer
Terraform enterprise
Vault-ssh-helper
Go-slug
Vault provider for secrets store csi driver
Terraform provider
Vault-action
Go-getter


Copyright 2024, cxsecurity.com

 

Back to Top