219 matches found
The vulnerability of the Go Getter library, related to the improper neutralization of special elements used in the command, allows a hacker to execute arbitrary code.
The vulnerability of the Go Getter library is related to the update of Git for the existing, maliciously modified Git configuration. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
ROS-20240902-13
A vulnerability in the Go Getter library is related to a Git update for an existing maliciously modified Git configuration. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
CBL Mariner 2.0 Security Update: terraform (CVE-2024-6257)
The version of terraform installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-6257 advisory. - HashiCorp's go-getter library can be coerced into executing Git update on an existing maliciously modified...
HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation
...
The vulnerability of the Nomad application’s Go-getter orchestrator library, related to improper handling of argument separators in commands, allows a malicious actor to format the Git URL, thereby allowing them to inject additional Git arguments into the Git command.
The vulnerability of the Nomad application’s Go-getter orchestrator library relates to the improper elimination of argument separators in commands. Exploiting this vulnerability allows a malicious actor to format the Git URL remotely, thereby introducing additional Git arguments during the Git...
CBL Mariner 2.0 Security Update: terraform (CVE-2024-3817)
The version of terraform installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-3817 advisory. - HashiCorp's go-getter library is vulnerable to argument injection when executing Git to discover remote...
SUSE CVE-2023-0475
HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...
SUSE CVE-2024-6257
HashiCorp's go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution...
Command Injection
github.com/hashicorp/go-getter is vulnerable to Command Injection. The vulnerability is caused by improper handling of arguments in Git operations within getgit.go. This allows attackers to manipulate the Git configuration and execute arbitrary code...
CVE-2024-6257
HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution...
GHSA-XFHP-JF8P-MH5W HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation
HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution. When go-getter is performing a Git operation, go-getter will try to clone the given repository in a specified destination...
HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation
HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution. When go-getter is performing a Git operation, go-getter will try to clone the given repository in a specified destination...
DEBIAN-CVE-2024-6257
HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution...
AZL-42982 CVE-2024-6257 affecting package terraform for versions less than 1.3.2-17
HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution...
CVE-2024-6257
HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution...
CVE-2024-6257
HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution...
CVE-2024-6257 HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation
HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution...
CVE-2024-6257 HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation
HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution...
CVE-2024-6257
CVE-2024-6257 (HashiCorp go-getter) : The issue allows a remote authenticated attacker to cause arbitrary code execution by coercing go-getter to run a Git update via a manipulated Git configuration. Root cause is described as input validation issues during Git operations, enabling code execution...
CVE-2024-6257 HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation
HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution...