cvebase

HashiCorp Shared Library vulnerabilities

7 known vulnerabilities affecting hashicorp/shared_library.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 3, MEDIUM 2

Vulnerabilities

CVE-2026-0969 | P3 | HIGH | CVSS 8.8 | ≥ 4.3.0, < 6.0.0 | 2026-02-12
CWE-94. The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content. This vulnerability, CVE-2026-0969, is fixed in next-mdx-remote 6.0.0.
Source: NVD

CVE-2024-3817 | P3 | CRITICAL | CVSS 9.8 | ≥ 1.5.9, < 1.7.3 | 2024-04-17
CWE-88. HashiCorp’s go-getter library is vulnerable to argument injection when executing Git to discover remote branches. This vulnerability does not affect the go-getter/v2 branch and package.
Source: NVD

CVE-2024-6257 | P3 | HIGH | CVSS 8.8 | fixed in 1.7.4 | 2024-06-25
CWE-77. HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution.
Source: NVD

CVE-2025-0377 | P3 | CRITICAL | CVSS 9.1 | fixed in 0.16.2 | 2025-01-21
CWE-59. HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry.
Source: NVD

CVE-2025-8959 | P3 | HIGH | CVSS 7.5 | fixed in 1.7.8 | 2025-08-15
CWE-59. HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9.
Source: NVD

CVE-2026-8052 | P4 | MEDIUM | CVSS 6.0 | ≥ 0.1.0, < 0.1.2 | 2026-05-12
CWE-59. HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability (CVE-2026-8052) is fixed in version 0.1.2 of the exec2 task driver.
Source: NVD

CVE-2024-6104 | P4 | MEDIUM | CVSS 5.5 | fixed in 0.7.7 | 2024-06-24
CWE-532. go-retryablehttp prior to 0.7.7 did not sanitize URLs when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.
Source: NVD