Lucene search
K

219 matches found

SUSE CVE
SUSE CVE
added 2025/08/25 11:33 p.m.5 views

SUSE CVE-2025-8959

HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9...

7.5CVSS6.7AI score0.00507EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-30322

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and 2.1.0...

8.6CVSS7AI score0.01279EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2022-26945

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fix...

9.8CVSS7AI score0.01525EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2022-30321

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. Fixed in 1.6.1 and...

8.6CVSS7AI score0.03054EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-30323

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0. CVE-2022-30323 Note that Nessus relies on the...

8.6CVSS7AI score0.01279EPSS
Exploits0References3
OSV
OSV
added 2025/08/15 9:31 p.m.5 views

GHSA-WJRX-6529-HCJ3 HashiCorp go-getter Vulnerable to Symlink Attacks

HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9...

7.5CVSS6.7AI score0.00507EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/08/15 9:31 p.m.8 views

HashiCorp go-getter Vulnerable to Symlink Attacks

HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9...

7.5CVSS5.8AI score0.00507EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/08/15 9:15 p.m.3 views

DEBIAN-CVE-2025-8959

HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9...

7.5CVSS5.6AI score0.00507EPSS
Exploits0References1
NVD
NVD
added 2025/08/15 9:15 p.m.4 views

CVE-2025-8959

HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9...

7.5CVSS0.00507EPSS
Exploits0References1
OSV
OSV
added 2025/08/15 9:15 p.m.5 views

UBUNTU-CVE-2025-8959

HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9...

7.5CVSS6.8AI score0.00507EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/15 8:32 p.m.11 views

CVE-2025-8959 HashiCorp go-getter Vulnerable to Arbitrary Read through Symlink Attack

HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9...

7.5CVSS0.00507EPSS
Exploits0References1
Snyk
Snyk
added 2025/08/15 8:32 p.m.2 views

Symlink Attack

Overview github.com/hashicorp/go-getter is a Package for downloading things from a string URL using a variety of protocols. Affected versions of this package are vulnerable to Symlink Attack due to handling symbolic links in the specific subdirectories from a fetched source. An attacker can acces...

8.7CVSS6.9AI score0.00507EPSS
Exploits0References2
OSV
OSV
added 2025/08/15 8:32 p.m.4 views

CVE-2025-8959 HashiCorp go-getter Vulnerable to Arbitrary Read through Symlink Attack

HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9...

7.5CVSS6.7AI score0.00507EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/08/15 8:32 p.m.3 views

CVE-2025-8959 HashiCorp go-getter Vulnerable to Arbitrary Read through Symlink Attack

HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9...

7.5CVSS6.8AI score0.00507EPSS
Exploits0References1
CVE
CVE
added 2025/08/15 8:32 p.m.73 views

CVE-2025-8959

CVE-2025-8959 affects HashiCorp’s go-getter library: the subdirectory download feature is vulnerable to symlink attacks that can cause unauthorized reads outside the designated directory. The root cause is improper path resolution when following symlinks in subdirectory downloads. Impact is unaut...

7.5CVSS6.8AI score0.00507EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2025/08/15 8:32 p.m.7 views

CVE-2025-8959

HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9...

7.5CVSS5.6AI score0.00507EPSS
Exploits0
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2025/08/15 8:32 p.m.6 views

HashiCorp go-getter Vulnerable to Arbitrary Read through Symlink Attack

Summary HashiCorp’s go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9. Background HashiCorp’s go-getter is a...

7.5CVSS6.6AI score0.00507EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/08/15 12:0 a.m.5 views

HashiCorp go-getter 安全漏洞

HashiCorp go-getter is a library for Go golang from HashiCorp, Inc. for downloading files or directories from various sources using URLs as the primary form of input. A security vulnerability exists in HashiCorp go-getter versions prior to 1.7.9, which stems from a symbolic link attack and could...

7.5CVSS6.5AI score0.00507EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/15 12:0 a.m.5 views

PT-2025-33508

Name of the Vulnerable Software and Affected Versions: go-getter versions prior to 1.7.9 Description: The go-getter library subdirectory download feature is susceptible to symlink attacks, potentially allowing unauthorized read access beyond the intended directory boundaries. Recommendations:...

7.5CVSS5.4AI score0.00507EPSS
Exploits0References24
RedhatCVE
RedhatCVE
added 2025/05/22 10:49 p.m.9 views

CVE-2022-30324

HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1...

9.8CVSS7.3AI score0.01325EPSS
Exploits0References1
Rows per page
Query Builder