github.com/hashicorp/go-getter/v2 vulnerabilities

5 known vulnerabilities affecting github.com/hashicorp/go-getter/v2.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 1

Vulnerabilities

CVE-2023-0475 | MEDIUM | ≥ 2.0.0, < 2.2.0 | 2023-02-16
CVE-2023-0475 [MEDIUM] CWE-409: Data Amplification in HashiCorp go-getter. HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0.
Sources: ghsa, osv
CVE-2022-26945 | CRITICAL | ≥ 0, < 2.1.0 | 2022-05-26
CVE-2022-26945 [CRITICAL] CWE-77: HashiCorp go-getter command injection. HashiCorp go-getter before 2.0.2 allows Command Injection.
Sources: ghsa, osv
CVE-2022-30323 | HIGH | ≥ 0, < 2.1.0 | 2022-05-26
CVE-2022-30323 [HIGH]: HashiCorp go-getter unsafe downloads could lead to asymmetric resource exhaustion. HashiCorp go-getter through 2.0.2 does not safely perform downloads. Asymmetric resource exhaustion could occur when go-getter processed malicious HTTP responses.
Sources: ghsa
CVE-2022-30322 | HIGH | ≥ 0, < 2.1.0 | 2022-05-26
CVE-2022-30322 [HIGH]: HashiCorp go-getter unsafe downloads could lead to arbitrary host access. HashiCorp go-getter through 2.0.2 does not safely perform downloads. Arbitrary host access was possible via go-getter path traversal, symlink processing, and command injection flaws.
Sources: ghsa
CVE-2022-30321 | HIGH | ≥ 0, < 2.1.0 | 2022-05-26
CVE-2022-30321 [HIGH]: HashiCorp go-getter unsafe downloads. HashiCorp go-getter through 2.0.2 does not safely perform downloads. Protocol switching, endless redirect, and configuration bypass were possible via abuse of custom HTTP response header processing.
Sources: ghsa
github.com/hashicorp/go-getter/v2 vulnerabilities | cvebase