Lucene search
K

219 matches found

BDU FSTEC
BDU FSTEC
added 2024/09/04 12:0 a.m.7 views

The vulnerability of the Go Getter library, related to the improper neutralization of special elements used in the command, allows a hacker to execute arbitrary code.

The vulnerability of the Go Getter library is related to the update of Git for the existing, maliciously modified Git configuration. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

8.4CVSS7.6AI score0.00973EPSS
Exploits0References4Affected Software2
Redos
Redos
added 2024/09/02 12:0 a.m.22 views

ROS-20240902-13

A vulnerability in the Go Getter library is related to a Git update for an existing maliciously modified Git configuration. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

8.8CVSS6.8AI score0.00973EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/08/06 12:0 a.m.23 views

CBL Mariner 2.0 Security Update: terraform (CVE-2024-6257)

The version of terraform installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-6257 advisory. - HashiCorp's go-getter library can be coerced into executing Git update on an existing maliciously modified...

8.8CVSS7.5AI score0.00973EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2024/08/05 7:0 a.m.5 views

HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation

...

8.8CVSS6.6AI score0.00973EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/07/29 12:0 a.m.7 views

The vulnerability of the Nomad application’s Go-getter orchestrator library, related to improper handling of argument separators in commands, allows a malicious actor to format the Git URL, thereby allowing them to inject additional Git arguments into the Git command.

The vulnerability of the Nomad application’s Go-getter orchestrator library relates to the improper elimination of argument separators in commands. Exploiting this vulnerability allows a malicious actor to format the Git URL remotely, thereby introducing additional Git arguments during the Git...

10CVSS6.6AI score0.01329EPSS
Exploits0References4Affected Software3
Tenable Nessus
Tenable Nessus
added 2024/07/03 12:0 a.m.18 views

CBL Mariner 2.0 Security Update: terraform (CVE-2024-3817)

The version of terraform installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-3817 advisory. - HashiCorp's go-getter library is vulnerable to argument injection when executing Git to discover remote...

9.8CVSS7.1AI score0.01329EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/06/26 11:39 p.m.3 views

SUSE CVE-2023-0475

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...

6.5CVSS5.5AI score0.00454EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2024/06/26 11:25 p.m.3 views

SUSE CVE-2024-6257

HashiCorp's go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution...

8.8CVSS7.8AI score0.00973EPSS
Exploits0References5
Veracode
Veracode
added 2024/06/26 6:23 a.m.46 views

Command Injection

github.com/hashicorp/go-getter is vulnerable to Command Injection. The vulnerability is caused by improper handling of arguments in Git operations within getgit.go. This allows attackers to manipulate the Git configuration and execute arbitrary code...

8.4CVSS7.2AI score0.00973EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2024/06/25 7:21 p.m.23 views

CVE-2024-6257

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution...

7.7CVSS7.7AI score0.00973EPSS
Exploits0References3
OSV
OSV
added 2024/06/25 6:31 p.m.20 views

GHSA-XFHP-JF8P-MH5W HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution. When go-getter is performing a Git operation, go-getter will try to clone the given repository in a specified destination...

8.4CVSS8AI score0.00973EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/06/25 6:31 p.m.21 views

HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution. When go-getter is performing a Git operation, go-getter will try to clone the given repository in a specified destination...

8.8CVSS7.8AI score0.00973EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/06/25 5:15 p.m.2 views

DEBIAN-CVE-2024-6257

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution...

8.8CVSS8.1AI score0.00973EPSS
Exploits0References1
OSV
OSV
added 2024/06/25 5:15 p.m.3 views

AZL-42982 CVE-2024-6257 affecting package terraform for versions less than 1.3.2-17

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution...

8.8CVSS7.2AI score0.00973EPSS
Exploits0References1
NVD
NVD
added 2024/06/25 5:15 p.m.22 views

CVE-2024-6257

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution...

8.8CVSS0.00973EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2024/06/25 5:15 p.m.20 views

CVE-2024-6257

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution...

8.8CVSS6.9AI score0.00973EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/06/25 4:31 p.m.23 views

CVE-2024-6257 HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution...

8.4CVSS7.7AI score0.00973EPSS
Exploits0References1
OSV
OSV
added 2024/06/25 4:31 p.m.15 views

CVE-2024-6257 HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution...

8.4CVSS7.3AI score0.00973EPSS
Exploits0References4
CVE
CVE
added 2024/06/25 4:31 p.m.294 views

CVE-2024-6257

CVE-2024-6257 (HashiCorp go-getter) : The issue allows a remote authenticated attacker to cause arbitrary code execution by coercing go-getter to run a Git update via a manipulated Git configuration. Root cause is described as input validation issues during Git operations, enabling code execution...

8.8CVSS8.6AI score0.00973EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/06/25 4:31 p.m.42 views

CVE-2024-6257 HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution...

8.4CVSS0.00973EPSS
Exploits0References1
Rows per page
Query Builder