219 matches found
PT-2024-5223 · Go-Getter +2 · Go-Getter +2
Name of the Vulnerable Software and Affected Versions: go-getter versions prior to 1.7.4 go-getter/v2 branch and package are not affected Description: The go-getter library is vulnerable to argument injection when executing Git to discover remote branches. An attacker may format a Git URL in orde...
Go-Getter Vulnerable to Decompression Bombs
...
GO-2023-1578 Denial of service in github.com/hashicorp/go-getter/v2
HashiCorp go-getter is vulnerable to decompression bombs. This can lead to excessive memory consumption and denial-of-service attacks...
CVE-2023-0475
A flaw was found in the HashiCorp go-getter package. Affected versions of the HashiCorp go-getter package are vulnerable to a denial of service via a malicious compressed archive...
Data Amplification in HashiCorp go-getter
HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...
GHSA-JPXJ-2JVG-6JV9 Data Amplification in HashiCorp go-getter
HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...
AZL-13586 CVE-2023-0475 affecting package packer for versions less than 1.8.7-1
HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...
AZL-13606 CVE-2023-0475 affecting package terraform for versions less than 1.3.2-22
HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...
DEBIAN-CVE-2023-0475
HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...
CVE-2023-0475
HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...
UBUNTU-CVE-2023-0475
HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...
CVE-2023-0475
HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...
Design/Logic Flaw
HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...
CVE-2023-0475 Go-Getter Vulnerable to Decompression Bombs
HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...
CVE-2023-0475
CVE-2023-0475 affects HashiCorp go-getter versions up to 1.6.2 and 2.1.1. The flaw is a decompression-bomb vulnerability arising from improper handling of highly compressed data, allowing crafted archives to crash the library. Remediation: upgrade to 1.7.0 (or 2.2.0) where fixed. Connected docume...
CVE-2023-0475 Go-Getter Vulnerable to Decompression Bombs
HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...
CVE-2023-0475 Go-Getter Vulnerable to Decompression Bombs
HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...
CVE-2023-0475
HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...
PT-2023-16290 · Hashicorp +1 · Go-Getter +1
Name of the Vulnerable Software and Affected Versions: HashiCorp go-getter versions 1.6.2 and earlier, 2.1.1 and earlier Description: The issue concerns decompression bombs, which can lead to excessive memory consumption and denial-of-service attacks. Recommendations: For versions 1.6.2 and...
HashiCorp go-getter 安全漏洞
HashiCorp go-getter is a library for Go golang from HashiCorp, USA, for downloading files or directories from various sources using URLs as the primary form of input. A security vulnerability exists in HashiCorp go-getter version 1.x prior to 1.7.0 and version 2.x prior to 2.2.0, which stems from...