Github.Com Hashicorp Go-Getter Gcs V2 vulnerabilities
4 known vulnerabilities affecting github.com/hashicorp_go-getter_gcs_v2.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH3
Vulnerabilities
Page 1 of 1
CVE-2022-26945CRITICAL≥ 0, < 2.1.02022-05-26
CVE-2022-26945 [CRITICAL] CWE-77 HashiCorp go-getter command injection
HashiCorp go-getter command injection
HashiCorp go-getter before 2.0.2 allows Command Injection.
ghsaosv
CVE-2022-30323HIGH≥ 0, < 2.1.02022-05-26
CVE-2022-30323 [HIGH] HashiCorp go-getter unsafe downloads could lead to asymmetric resource exhaustion
HashiCorp go-getter unsafe downloads could lead to asymmetric resource exhaustion
HashiCorp go-getter through 2.0.2 does not safely perform downloads. Asymmetric resource exhaustion could occur when go-getter processed malicious HTTP responses.
ghsa
CVE-2022-30322HIGH≥ 0, < 2.1.02022-05-26
CVE-2022-30322 [HIGH] HashiCorp go-getter unsafe downloads could lead to arbitrary host access
HashiCorp go-getter unsafe downloads could lead to arbitrary host access
HashiCorp go-getter through 2.0.2 does not safely perform downloads. Arbitrary host access was possible via go-getter path traversal, symlink processing, and command injection flaws.
ghsa
CVE-2022-30321HIGH≥ 0, < 2.1.02022-05-26
CVE-2022-30321 [HIGH] HashiCorp go-getter unsafe downloads
HashiCorp go-getter unsafe downloads
HashiCorp go-getter through 2.0.2 does not safely perform downloads. Protocol switching, endless redirect, and configuration bypass were possible via abuse of custom HTTP response header processing.
ghsa