Go modules package
github.com/zarf-dev/zarf/src/pkg/archive
pkg:golang/github.com/zarf-dev/zarf/src/pkg/archive
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-29064 | — | >= 0.54.0, < 0.73.1 | 0.73.1 | Mar 6, 2026 | Zarf is an Airgap Native Packager Manager for Kubernetes. From version 0.54.0 to before version 0.73.1, a path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrar |
- CVE-2026-29064Mar 6, 2026affected >= 0.54.0, < 0.73.1fixed 0.73.1
Zarf is an Airgap Native Packager Manager for Kubernetes. From version 0.54.0 to before version 0.73.1, a path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrar