← voltar
CVE-2020-29529

CVE-2020-29529

EPSS 2.8%
HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/hashicorp/go-slug/compare/v0.4.3...v0.5.0https://github.com/hashicorp/go-slug/pull/12https://github.com/hashicorp/go-slug/releases/tag/v0.5.0https://securitylab.github.com/advisories/GHSL-2020-262-zipslip-go-slug