{"id":"GO-2025-3413","summary":"HashiCorp go-slug Vulnerable to Zip Slip Attack in github.com/hashicorp/go-slug","details":"HashiCorp go-slug Vulnerable to Zip Slip Attack in github.com/hashicorp/go-slug","aliases":["CVE-2025-0377","GHSA-wpfp-cm49-9m9q"],"modified":"2026-03-17T04:51:44.791682Z","published":"2025-01-28T15:01:21Z","related":["CGA-95vj-48rh-pq79"],"database_specific":{"review_status":"UNREVIEWED","url":"https://pkg.go.dev/vuln/GO-2025-3413"},"references":[{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-wpfp-cm49-9m9q"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-0377"},{"type":"WEB","url":"https://discuss.hashicorp.com/t/hcsec-2025-01-hashicorp-go-slug-vulnerable-to-zip-slip-attack"}],"affected":[{"package":{"name":"github.com/hashicorp/go-slug","ecosystem":"Go","purl":"pkg:golang/github.com/hashicorp/go-slug"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.16.3"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3413.json"}}],"schema_version":"1.7.5"}