Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-29529

Опубликовано: 03 дек. 2020
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 5
CVSS3: 7.5

Описание

HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-apps/jammy

needs-triage

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

ignored

end of life
hirsute

ignored

end of life
impish

ignored

end of life
jammy

needs-triage

Показывать по

EPSS

Процентиль: 76%
0.00982
Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

CVSS3: 7.5
redhat
больше 4 лет назад

HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.

CVSS3: 7.5
nvd
больше 4 лет назад

HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.

CVSS3: 7.5
debian
больше 4 лет назад

HashiCorp go-slug up to 0.4.3 did not fully protect against directory ...

CVSS3: 7.5
github
больше 2 лет назад

Unsafe tar unpacking in HashiCorp go-slug

EPSS

Процентиль: 76%
0.00982
Низкий

5 Medium

CVSS2

7.5 High

CVSS3