VYPR

Go modules package

github.com/zarf-dev/zarf/src/pkg/archive

pkg:golang/github.com/zarf-dev/zarf/src/pkg/archive

Vulnerabilities (1)

  • CVE-2026-29064Mar 6, 2026
    affected >= 0.54.0, < 0.73.1fixed 0.73.1

    Zarf is an Airgap Native Packager Manager for Kubernetes. From version 0.54.0 to before version 0.73.1, a path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrar