Lucene search
K

219 matches found

Positive Technologies
Positive Technologies
added 2024/04/17 12:0 a.m.14 views

PT-2024-5223 · Go-Getter +2 · Go-Getter +2

Name of the Vulnerable Software and Affected Versions: go-getter versions prior to 1.7.4 go-getter/v2 branch and package are not affected Description: The go-getter library is vulnerable to argument injection when executing Git to discover remote branches. An attacker may format a Git URL in orde...

10CVSS6.8AI score0.03153EPSS
Exploits2References37
Microsoft CVE
Microsoft CVE
added 2023/02/20 8:0 a.m.3 views

Go-Getter Vulnerable to Decompression Bombs

...

6.5CVSS6.2AI score0.00454EPSS
Exploits0
OSV
OSV
added 2023/02/17 9:16 p.m.26 views

GO-2023-1578 Denial of service in github.com/hashicorp/go-getter/v2

HashiCorp go-getter is vulnerable to decompression bombs. This can lead to excessive memory consumption and denial-of-service attacks...

6.5CVSS5.2AI score0.00454EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/02/17 12:29 p.m.25 views

CVE-2023-0475

A flaw was found in the HashiCorp go-getter package. Affected versions of the HashiCorp go-getter package are vulnerable to a denial of service via a malicious compressed archive...

4.2CVSS6.2AI score0.00454EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/02/16 9:30 p.m.31 views

Data Amplification in HashiCorp go-getter

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...

6.5CVSS6.4AI score0.00454EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2023/02/16 9:30 p.m.19 views

GHSA-JPXJ-2JVG-6JV9 Data Amplification in HashiCorp go-getter

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...

4.2CVSS5.2AI score0.00454EPSS
Exploits0References5
OSV
OSV
added 2023/02/16 7:15 p.m.7 views

AZL-13586 CVE-2023-0475 affecting package packer for versions less than 1.8.7-1

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...

6.5CVSS6.5AI score0.00454EPSS
Exploits0References1
OSV
OSV
added 2023/02/16 7:15 p.m.6 views

AZL-13606 CVE-2023-0475 affecting package terraform for versions less than 1.3.2-22

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...

6.5CVSS6.5AI score0.00454EPSS
Exploits0References1
OSV
OSV
added 2023/02/16 7:15 p.m.1 views

DEBIAN-CVE-2023-0475

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...

6.5CVSS5.8AI score0.00454EPSS
Exploits0References1
NVD
NVD
added 2023/02/16 7:15 p.m.19 views

CVE-2023-0475

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...

6.5CVSS5.4AI score0.00454EPSS
Exploits0References1
OSV
OSV
added 2023/02/16 7:15 p.m.7 views

UBUNTU-CVE-2023-0475

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...

6.5CVSS7.1AI score0.00454EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2023/02/16 7:15 p.m.29 views

CVE-2023-0475

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...

6.5CVSS6.6AI score0.00454EPSS
Exploits0References5
Prion
Prion
added 2023/02/16 7:15 p.m.23 views

Design/Logic Flaw

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...

4.3CVSS6.4AI score0.00454EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/02/16 6:35 p.m.27 views

CVE-2023-0475 Go-Getter Vulnerable to Decompression Bombs

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...

4.2CVSS6.5AI score0.00454EPSS
Exploits0References4
CVE
CVE
added 2023/02/16 6:35 p.m.334 views

CVE-2023-0475

CVE-2023-0475 affects HashiCorp go-getter versions up to 1.6.2 and 2.1.1. The flaw is a decompression-bomb vulnerability arising from improper handling of highly compressed data, allowing crafted archives to crash the library. Remediation: upgrade to 1.7.0 (or 2.2.0) where fixed. Connected docume...

6.5CVSS5.3AI score0.00454EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/16 6:35 p.m.6 views

CVE-2023-0475 Go-Getter Vulnerable to Decompression Bombs

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...

4.2CVSS6.7AI score0.00454EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/02/16 6:35 p.m.31 views

CVE-2023-0475 Go-Getter Vulnerable to Decompression Bombs

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...

4.2CVSS6.5AI score0.00454EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2023/02/16 6:35 p.m.53 views

CVE-2023-0475

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...

6.5CVSS5.3AI score0.00454EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/02/16 12:0 a.m.4 views

PT-2023-16290 · Hashicorp +1 · Go-Getter +1

Name of the Vulnerable Software and Affected Versions: HashiCorp go-getter versions 1.6.2 and earlier, 2.1.1 and earlier Description: The issue concerns decompression bombs, which can lead to excessive memory consumption and denial-of-service attacks. Recommendations: For versions 1.6.2 and...

6.5CVSS5.1AI score0.00454EPSS
Exploits0References16
CNNVD
CNNVD
added 2023/02/16 12:0 a.m.7 views

HashiCorp go-getter 安全漏洞

HashiCorp go-getter is a library for Go golang from HashiCorp, USA, for downloading files or directories from various sources using URLs as the primary form of input. A security vulnerability exists in HashiCorp go-getter version 1.x prior to 1.7.0 and version 2.x prior to 2.2.0, which stems from...

6.5CVSS6.2AI score0.00454EPSS
Exploits0References2
Rows per page
Query Builder