cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-0377,https://securityvulnerability.io/vulnerability/CVE-2025-0377,Zip-Slip Vulnerability in HashiCorp's go-slug Library,"HashiCorp's go-slug library is susceptible to a zip-slip attack, allowing an attacker to manipulate file paths during extraction from tar entries. When a user provides a path that doesn't exist, it can be exploited to write to unintended file locations, potentially compromising system integrity. It is essential for users of the go-slug library to address this risk by validating paths and ensuring secure extraction processes.",Hashicorp,Shared Library,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T15:23:53.104Z,0
CVE-2024-6257,https://securityvulnerability.io/vulnerability/CVE-2024-6257,Malicious Git Configuration Execution via go-getter Library,"The Go-Getter library from HashiCorp is susceptible to a vulnerability that allows an attacker to manipulate the Git configuration, potentially leading to arbitrary code execution. By coercing the library into executing a Git update on a maliciously modified configuration, attackers can exploit this weakness to execute unwanted code within the user's environment. This issue underscores the importance of secure coding practices and vigilant configuration management to protect against such vulnerabilities.",Hashicorp,Shared Library,8.4,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-25T16:31:03.882Z,0
CVE-2024-6104,https://securityvulnerability.io/vulnerability/CVE-2024-6104,Sensitive HTTP Basic Auth Credentials at Risk in go-retryablehttp Prior to 0.7.7,"go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.",Hashicorp,Shared Library,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-24T17:06:21.150Z,0
CVE-2024-3817,https://securityvulnerability.io/vulnerability/CVE-2024-3817,Git Injection Vulnerability Affects HashiCorp's go-getter Library,"HashiCorp's Go-Getter library contains a vulnerability that allows for argument injection during the process of executing Git commands to fetch remote branches. This security flaw exposes the system to potential exploitation by manipulating inputs, particularly in scenarios involving remote repository interactions. Importantly, this vulnerability does not affect versions located in the go-getter/v2 branch and package, making those iterations safer for users.",Hashicorp,Shared Library,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-17T19:37:25.878Z,0