CVE-2020-29529 is a vulnerability in HashiCorp Go Slug
Published on December 3, 2020
HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.
Products Associated with CVE-2020-29529
Want to know whenever a new CVE is published for HashiCorp Go Slug? stack.watch will email you.
Exploit Probability
EPSS
0.44%
Percentile
62.69%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.