2 matches found
Arbitrary Argument Injection
Overview github.com/hashicorp/go-getter is a Package for downloading things from a string URL using a variety of protocols. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the GitGetter function that lacks validation for git options when attempting to check th...
CVE-2023-0475
A flaw was found in the HashiCorp go-getter package. Affected versions of the HashiCorp go-getter package are vulnerable to a denial of service via a malicious compressed archive...