Github.Com Hashicorp Terraform vulnerabilities

CVE-2023-4782 [MEDIUM] CWE-22 Terraform allows arbitrary file write during the `init` operation Terraform allows arbitrary file write during the `init` operation Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the `init` operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7.

CVE-2019-19316 [HIGH] CWE-20 Use of a Broken or Risky Cryptographic Algorithm in Terraform Use of a Broken or Risky Cryptographic Algorithm in Terraform When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP. ### Specific Go Packages Affected github.com/hashicorp/terraform/backend/remote-state/azure