Lucene search

K
osvGoogleOSV:GHSA-28R2-Q6M8-9HPX
HistoryMay 26, 2022 - 12:01 a.m.

HashiCorp go-getter unsafe downloads could lead to asymmetric resource exhaustion

2022-05-2600:01:27
Google
osv.dev
12
hashicorp
go-getter
unsafe
downloads
resource exhaustion

EPSS

0.002

Percentile

61.4%

HashiCorp go-getter through 2.0.2 does not safely perform downloads. Asymmetric resource exhaustion could occur when go-getter processed malicious HTTP responses.

EPSS

0.002

Percentile

61.4%