CVEDB API - Fast Vulnerability Dashboard

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-0377

HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 30.2%

CVSS Severity

CVSS v3 Score 7.5

References

https://discuss.hashicorp.com/t/hcsec-2025-01-hashicorp-go-slug-vulnerable-to-zip-slip-attack

Products affected by CVE-2025-0377

Hashicorp » Go-Slug » Version: 0.1.0

cpe:2.3:a:hashicorp:go-slug:0.1.0
Hashicorp » Go-Slug » Version: 0.2.0

cpe:2.3:a:hashicorp:go-slug:0.2.0
Hashicorp » Go-Slug » Version: 0.3.0

cpe:2.3:a:hashicorp:go-slug:0.3.0
Hashicorp » Go-Slug » Version: 0.3.1

cpe:2.3:a:hashicorp:go-slug:0.3.1
Hashicorp » Go-Slug » Version: 0.4.0

cpe:2.3:a:hashicorp:go-slug:0.4.0
Hashicorp » Go-Slug » Version: 0.4.1

cpe:2.3:a:hashicorp:go-slug:0.4.1
Hashicorp » Go-Slug » Version: 0.4.2

cpe:2.3:a:hashicorp:go-slug:0.4.2
Hashicorp » Go-Slug » Version: 0.4.3

cpe:2.3:a:hashicorp:go-slug:0.4.3
Hashicorp » Go-Slug » Version: 0.5.0

cpe:2.3:a:hashicorp:go-slug:0.5.0

Products

Pricing

Contact Us

support@shodan.io

Shodan ® - All rights reserved