CVE-2025-0377

Vulnerability Description

HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry.

Published Date

January 21, 2025

Last Modified

December 15, 2025

Source

NVD