Lucene search

K
osvGoogleOSV:GHSA-FCGG-RVWG-JV58
HistoryMay 26, 2022 - 12:01 a.m.

HashiCorp go-getter unsafe downloads

2022-05-2600:01:27
Google
osv.dev
14
hashicorp
go-getter
software
vulnerability
download

EPSS

0.002

Percentile

61.4%

HashiCorp go-getter through 2.0.2 does not safely perform downloads. Protocol switching, endless redirect, and configuration bypass were possible via abuse of custom HTTP response header processing.

EPSS

0.002

Percentile

61.4%