rpm package
opensuse/helmfile&distro=openSUSE Leap 16.0
pkg:rpm/opensuse/helmfile&distro=openSUSE%20Leap%2016.0
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-0377 | — | | | < 1.1.9-bp160.1.1 | 1.1.9-bp160.1.1 | Jan 21, 2025 | HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. |
| CVE-2024-45338 | Med | 5.3 | | < 1.1.9-bp160.1.1 | 1.1.9-bp160.1.1 | Dec 18, 2024 | An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. |