Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-29529

Опубликовано: 03 дек. 2020
Источник: debian

Описание

HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
golang-github-hashicorp-go-slugfixed0.5.0-1package

Примечания

  • https://github.com/hashicorp/go-slug/pull/12

Связанные уязвимости

ubuntu логотип

CVE-2020-29529

CVSS3: 7.5
ubuntu
около 5 лет назад

HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.

redhat логотип

CVE-2020-29529

CVSS3: 7.5
redhat
около 5 лет назад

HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.

nvd логотип

CVE-2020-29529

CVSS3: 7.5
nvd
около 5 лет назад

HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.

github логотип

GHSA-2g5j-5x95-r6hr

CVSS3: 7.5
github
около 3 лет назад

Unsafe tar unpacking in HashiCorp go-slug