Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-29529

Опубликовано: 03 дек. 2020
Источник: nvd
CVSS3: 7.5
CVSS2: 5
EPSS Низкий

Описание

HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:hashicorp:go-slug:*:*:*:*:*:*:*:*
Версия до 0.5.0 (исключая)

EPSS

Процентиль: 76%
0.00982
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

CVSS3: 7.5
ubuntu
больше 4 лет назад

HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.

CVSS3: 7.5
redhat
больше 4 лет назад

HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.

CVSS3: 7.5
debian
больше 4 лет назад

HashiCorp go-slug up to 0.4.3 did not fully protect against directory ...

CVSS3: 7.5
github
больше 2 лет назад

Unsafe tar unpacking in HashiCorp go-slug

EPSS

Процентиль: 76%
0.00982
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22