Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HashiCorp go-slug Vulnerable to Zip Slip Attack
Vulnerability Description
HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
在文件访问前对链接解析不恰当(链接跟随)
Vulnerability Title
Hashicorp Go-slug 后置链接漏洞
Vulnerability Description
HashiCorp Hashicorp Go-slug是美国HashiCorp公司的一个基于Go的用于打包解压文件的代码库。 Hashicorp Go-slug 0.16.2及之前版本存在安全漏洞,该漏洞源于当从 tar 条目中提取不存在的用户提供的路径时,HashiCorp 的 go-slug 库容易受到 zip-slip 式攻击。
CVSS Information
N/A
Vulnerability Type
N/A