[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-0377":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":195,"aliases":196,"duplicate_of":9,"upstream":199,"downstream":200,"duplicates":209,"related":210,"reserved_at":9,"published_at":243,"modified_at":244,"state":245,"summary":246,"references_raw":255,"kevs":278,"epss":279,"epss_history":282,"metrics":554,"affected":568},"CVE-2025-0377","HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-59","Improper Link Resolution Before File Access ('Link Following')","The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.","weakness","Draft","Base","Medium",[20,101,162,191],{"id":21,"name":22,"techniques":23},"CAPEC-132","Symlink Attack",[24],{"id":25,"name":26,"tactics":27,"countermeasures":34},"T1547.009","Shortcut Modification",[28,31],{"id":29,"name":30},"TA0110","Persistence",{"id":32,"name":33},"TA0111","Privilege Escalation",[35,40,44,48,52,57,62,67,72,77,81,85,89,93,97],{"id":36,"name":37,"tactic":38},"D3-FA","File Analysis",{"name":39},"Detect",{"id":41,"name":42,"tactic":43},"D3-FIM","File Integrity Monitoring",{"name":39},{"id":45,"name":46,"tactic":47},"D3-DA","Dynamic Analysis",{"name":39},{"id":49,"name":50,"tactic":51},"D3-EFA","Emulated File Analysis",{"name":39},{"id":53,"name":54,"tactic":55},"D3-FEV","File Eviction",{"name":56},"Evict",{"id":58,"name":59,"tactic":60},"D3-DF","Decoy File",{"name":61},"Deceive",{"id":63,"name":64,"tactic":65},"D3-FE","File Encryption",{"name":66},"Harden",{"id":68,"name":69,"tactic":70},"D3-RF","Restore File",{"name":71},"Restore",{"id":73,"name":74,"tactic":75},"D3-CF","Content Filtering",{"name":76},"Isolate",{"id":78,"name":79,"tactic":80},"D3-LFP","Local File Permissions",{"name":76},{"id":82,"name":83,"tactic":84},"D3-RFAM","Remote File Access Mediation",{"name":76},{"id":86,"name":87,"tactic":88},"D3-CQ","Content Quarantine",{"name":76},{"id":90,"name":91,"tactic":92},"D3-CM","Content Modification",{"name":76},{"id":94,"name":95,"tactic":96},"D3-EAL","Executable Allowlisting",{"name":76},{"id":98,"name":99,"tactic":100},"D3-EDL","Executable Denylisting",{"name":76},{"id":102,"name":103,"techniques":104},"CAPEC-17","Using Malicious Files",[105,142],{"id":106,"name":107,"tactics":108,"countermeasures":120},"T1574.005","Executable Installer File Permissions Weakness",[109,110,111,114,117],{"id":29,"name":30},{"id":32,"name":33},{"id":112,"name":113},"TA0030","Defense Evasion",{"id":115,"name":116},"TA0005","Stealth",{"id":118,"name":119},"TA0104","Execution",[121,126,130,134,138],{"id":122,"name":123,"tactic":124},"D3-SWI","Software Inventory",{"name":125},"Model",{"id":127,"name":128,"tactic":129},"D3-AVE","Asset Vulnerability Enumeration",{"name":125},{"id":131,"name":132,"tactic":133},"D3-SBV","Service Binary Verification",{"name":39},{"id":135,"name":136,"tactic":137},"D3-SU","Software Update",{"name":66},{"id":139,"name":140,"tactic":141},"D3-RS","Restore Software",{"name":71},{"id":143,"name":144,"tactics":145,"countermeasures":151},"T1574.010","Services File Permissions Weakness",[146,147,148,149,150],{"id":29,"name":30},{"id":32,"name":33},{"id":112,"name":113},{"id":115,"name":116},{"id":118,"name":119},[152,154,156,158,160],{"id":122,"name":123,"tactic":153},{"name":125},{"id":127,"name":128,"tactic":155},{"name":125},{"id":131,"name":132,"tactic":157},{"name":39},{"id":135,"name":136,"tactic":159},{"name":66},{"id":139,"name":140,"tactic":161},{"name":71},{"id":163,"name":164,"techniques":165},"CAPEC-35","Leverage Executable Code in Non-Executable Files",[166,173,180],{"id":167,"name":168,"tactics":169,"countermeasures":172},"T1027.006","HTML Smuggling",[170,171],{"id":112,"name":113},{"id":115,"name":116},[],{"id":174,"name":175,"tactics":176,"countermeasures":179},"T1027.009","Embedded Payloads",[177,178],{"id":112,"name":113},{"id":115,"name":116},[],{"id":181,"name":182,"tactics":183,"countermeasures":186},"T1564.009","Resource Forking",[184,185],{"id":112,"name":113},{"id":115,"name":116},[187],{"id":188,"name":189,"tactic":190},"D3-FFV","File Format Verification",{"name":76},{"id":192,"name":193,"techniques":194},"CAPEC-76","Manipulating Web Input to File System Calls",[],[],[197,198],"GHSA-wpfp-cm49-9m9q","GO-2025-3413",[],[201,203,205,207],{"_key":202},"SUSE-SU-2025:0297-1",{"_key":204},"OPENSUSE-SU-2025:14684-1",{"_key":206},"OPENSUSE-SU-2025:14710-1",{"_key":208},"OPENSUSE-SU-2025:20097-1",[],[211,212,213,214,215,217,219,221,223,225,227,229,231,233,235,237,239,241],{"_key":202},{"_key":204},{"_key":206},{"_key":208},{"_key":216},"CGA-2V39-5353-4XMP",{"_key":218},"CGA-5RHF-QHX7-JQF7",{"_key":220},"CGA-76HM-7CM5-8X73",{"_key":222},"CGA-8F68-FHRR-VC52",{"_key":224},"CGA-965M-37HF-HC96",{"_key":226},"CGA-GV3V-5R7Q-67J4",{"_key":228},"CGA-HM3G-WGPG-97V7",{"_key":230},"CGA-JF55-9QPC-Q6VJ",{"_key":232},"CGA-MG7G-8W7R-628H",{"_key":234},"CGA-P45V-XC5P-G82M",{"_key":236},"CGA-P6FR-RHQV-HCMJ",{"_key":238},"CGA-QMRR-RVC9-3XGP",{"_key":240},"CGA-RFJ3-W2RH-PW23",{"_key":242},"CGA-95VJ-48RH-PQ79","2025-01-21T15:23:53.104Z","2025-02-12T20:41:20.897Z","Analyzed",{"cisa_kev":247,"cisa_ransomware":247,"cisa_vendor":9,"epss_severity":248,"epss_score":249,"severity":250,"severity_score":251,"severity_version":252,"severity_source":253,"severity_vector":254,"severity_status":245},false,"low",0.00467,"critical",9.1,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",[256,264,269,274],{"url":257,"sources":258,"tags":261},"https://discuss.hashicorp.com/t/hcsec-2025-01-hashicorp-go-slug-vulnerable-to-zip-slip-attack",[259,253,260],"cve.org","osv_go",[262,263],"Vendor Advisory","WEB",{"url":265,"sources":266,"tags":267},"https://nvd.nist.gov/vuln/detail/CVE-2025-0377",[260],[268],"Advisory",{"url":270,"sources":271,"tags":272},"github.com/hashicorp/go-slug",[260],[273],"PACKAGE",{"url":275,"sources":276,"tags":277},"https://github.com/advisories/GHSA-wpfp-cm49-9m9q",[260],[268],[],{"date":280,"score":249,"percentile":281},"2026-06-04",0.64771,[283,287,290,293,297,300,303,306,309,312,315,318,321,324,328,332,335,338,341,344,347,350,353,355,358,361,364,367,370,373,376,379,382,385,388,390,393,396,399,402,405,408,411,415,418,421,424,427,430,433,436,439,442,445,448,451,454,456,459,462,465,468,471,474,477,480,483,486,489,492,495,498,501,504,507,509,512,515,518,521,524,527,530,533,536,539,542,545,548,551],{"date":284,"score":285,"percentile":286},"2025-11-04",0.0008,0.24425,{"date":288,"score":285,"percentile":289},"2025-11-05",0.24407,{"date":291,"score":285,"percentile":292},"2025-11-06",0.24414,{"date":294,"score":295,"percentile":296},"2025-11-07",0.00087,0.25804,{"date":298,"score":295,"percentile":299},"2025-11-08",0.25801,{"date":301,"score":295,"percentile":302},"2025-11-09",0.25756,{"date":304,"score":295,"percentile":305},"2025-11-10",0.2572,{"date":307,"score":295,"percentile":308},"2025-11-11",0.25732,{"date":310,"score":295,"percentile":311},"2025-11-12",0.25762,{"date":313,"score":295,"percentile":314},"2025-11-13",0.25764,{"date":316,"score":295,"percentile":317},"2025-11-14",0.25759,{"date":319,"score":295,"percentile":320},"2025-11-15",0.25753,{"date":322,"score":295,"percentile":323},"2025-11-16",0.25708,{"date":325,"score":326,"percentile":327},"2025-11-17",0.00102,0.28744,{"date":329,"score":330,"percentile":331},"2025-11-18",0.00348,0.5438,{"date":333,"score":330,"percentile":334},"2025-11-19",0.54395,{"date":336,"score":330,"percentile":337},"2025-11-20",0.54381,{"date":339,"score":326,"percentile":340},"2025-11-21",0.2878,{"date":342,"score":326,"percentile":343},"2025-11-22",0.28792,{"date":345,"score":326,"percentile":346},"2025-11-23",0.28759,{"date":348,"score":326,"percentile":349},"2025-11-24",0.28733,{"date":351,"score":326,"percentile":352},"2025-11-25",0.28728,{"date":354,"score":326,"percentile":352},"2025-11-26",{"date":356,"score":326,"percentile":357},"2025-11-27",0.28743,{"date":359,"score":326,"percentile":360},"2025-11-28",0.28718,{"date":362,"score":326,"percentile":363},"2025-11-29",0.28709,{"date":365,"score":326,"percentile":366},"2025-11-30",0.28685,{"date":368,"score":326,"percentile":369},"2025-12-01",0.28746,{"date":371,"score":326,"percentile":372},"2025-12-02",0.28771,{"date":374,"score":326,"percentile":375},"2025-12-03",0.28777,{"date":377,"score":326,"percentile":378},"2025-12-04",0.28703,{"date":380,"score":326,"percentile":381},"2025-12-05",0.2874,{"date":383,"score":326,"percentile":384},"2025-12-06",0.28738,{"date":386,"score":326,"percentile":387},"2025-12-07",0.28707,{"date":389,"score":326,"percentile":360},"2025-12-08",{"date":391,"score":326,"percentile":392},"2025-12-09",0.28775,{"date":394,"score":326,"percentile":395},"2025-12-10",0.28843,{"date":397,"score":326,"percentile":398},"2025-12-11",0.28873,{"date":400,"score":326,"percentile":401},"2025-12-12",0.28892,{"date":403,"score":326,"percentile":404},"2025-12-13",0.28889,{"date":406,"score":326,"percentile":407},"2025-12-14",0.28858,{"date":409,"score":326,"percentile":410},"2025-12-15",0.28826,{"date":412,"score":413,"percentile":414},"2025-12-16",0.0011,0.30167,{"date":416,"score":413,"percentile":417},"2025-12-17",0.30209,{"date":419,"score":413,"percentile":420},"2025-12-18",0.3026,{"date":422,"score":413,"percentile":423},"2025-12-19",0.30273,{"date":425,"score":413,"percentile":426},"2025-12-20",0.30251,{"date":428,"score":413,"percentile":429},"2025-12-21",0.30202,{"date":431,"score":413,"percentile":432},"2025-12-22",0.30162,{"date":434,"score":413,"percentile":435},"2025-12-23",0.30136,{"date":437,"score":413,"percentile":438},"2025-12-24",0.30143,{"date":440,"score":413,"percentile":441},"2025-12-25",0.30216,{"date":443,"score":413,"percentile":444},"2025-12-26",0.30214,{"date":446,"score":413,"percentile":447},"2025-12-27",0.30217,{"date":449,"score":413,"percentile":450},"2025-12-28",0.30138,{"date":452,"score":413,"percentile":453},"2025-12-29",0.30111,{"date":455,"score":413,"percentile":453},"2025-12-30",{"date":457,"score":413,"percentile":458},"2025-12-31",0.30163,{"date":460,"score":413,"percentile":461},"2026-01-01",0.30292,{"date":463,"score":413,"percentile":464},"2026-01-02",0.30285,{"date":466,"score":413,"percentile":467},"2026-01-03",0.30261,{"date":469,"score":413,"percentile":470},"2026-01-04",0.30134,{"date":472,"score":413,"percentile":473},"2026-01-05",0.30127,{"date":475,"score":413,"percentile":476},"2026-01-06",0.30137,{"date":478,"score":413,"percentile":479},"2026-01-07",0.30168,{"date":481,"score":413,"percentile":482},"2026-01-08",0.30195,{"date":484,"score":413,"percentile":485},"2026-01-09",0.3019,{"date":487,"score":413,"percentile":488},"2026-01-10",0.30185,{"date":490,"score":413,"percentile":491},"2026-01-11",0.30156,{"date":493,"score":413,"percentile":494},"2026-01-12",0.30098,{"date":496,"score":413,"percentile":497},"2026-01-13",0.30075,{"date":499,"score":413,"percentile":500},"2026-01-14",0.3012,{"date":502,"score":413,"percentile":503},"2026-01-15",0.30117,{"date":505,"score":413,"percentile":506},"2026-01-16",0.30145,{"date":508,"score":413,"percentile":476},"2026-01-17",{"date":510,"score":413,"percentile":511},"2026-01-18",0.3008,{"date":513,"score":413,"percentile":514},"2026-01-19",0.30046,{"date":516,"score":413,"percentile":517},"2026-01-20",0.30032,{"date":519,"score":413,"percentile":520},"2026-01-21",0.29975,{"date":522,"score":413,"percentile":523},"2026-01-22",0.29949,{"date":525,"score":413,"percentile":526},"2026-01-23",0.30016,{"date":528,"score":413,"percentile":529},"2026-01-24",0.30023,{"date":531,"score":413,"percentile":532},"2026-01-25",0.2995,{"date":534,"score":413,"percentile":535},"2026-01-26",0.29875,{"date":537,"score":413,"percentile":538},"2026-01-27",0.29859,{"date":540,"score":413,"percentile":541},"2026-01-28",0.29844,{"date":543,"score":413,"percentile":544},"2026-01-29",0.29802,{"date":546,"score":413,"percentile":547},"2026-01-30",0.29792,{"date":549,"score":413,"percentile":550},"2026-01-31",0.2979,{"date":552,"score":413,"percentile":553},"2026-02-01",0.2986,[555,562,566],{"source":259,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":556,"cvss_v4_0":9},{"baseScore":557,"baseSeverity":558,"vectorString":559,"impactScore":560,"exploitabilityScore":561},7.5,"HIGH","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",6,10,{"source":253,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":563,"cvss_v4_0":9},{"baseScore":251,"baseSeverity":564,"vectorString":254,"impactScore":565,"exploitabilityScore":561},"CRITICAL",8.7,{"source":260,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":567,"cvss_v4_0":9},{"baseScore":557,"baseSeverity":9,"vectorString":559,"impactScore":560,"exploitabilityScore":561},[569,581,588],{"ecosystem":570,"name":270,"vendor":571,"product":572,"cpe_part":9,"purl_type":573,"purl_namespace":571,"purl_name":572,"source":9,"versions":574},"Go","github.com/hashicorp","go-slug","golang",[575],{"version":576,"is_range":577,"range_type":578,"version_start":9,"version_start_type":9,"version_end":579,"version_end_type":580,"fixed_in":9},"lt0_16_3",true,"semver","0.16.3","excluding",{"ecosystem":9,"name":572,"vendor":582,"product":572,"cpe_part":583,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":584},"hashicorp","a",[585],{"version":586,"is_range":577,"range_type":587,"version_start":9,"version_start_type":9,"version_end":579,"version_end_type":580,"fixed_in":9},"lt0.16.3","cpe",{"ecosystem":9,"name":589,"vendor":582,"product":590,"cpe_part":583,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":591},"Shared library","shared library",[592],{"version":593,"is_range":577,"range_type":259,"version_start":9,"version_start_type":9,"version_end":594,"version_end_type":580,"fixed_in":9},"\u003C 0.16.2","0.16.2"]