hashicorp/go-slug

Releases46

Frequency2 months 2 hours

Last Release 5 months ago

Stars27

The slug package provides functions to create slug archives

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-29529 ↗	Dec 3, 2020Thursday, 3 December 2020, 20:15	7.5 HIGH	5 MEDIUM
HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.