Lucene search
K

44 matches found

Github Security Blog
Github Security Blog
added 2026/06/19 4:35 p.m.8 views

OpenTofu: Possible arbitrary file read during certain git operations via a maliciously crafted URL

Impact Possible data exposure. Summary While downloading packages from a maliciously crafted URL, some git operations against that URL could allow arbitrary file read. This might allow disclosure of confidential information. Details OpenTofu relies on go-getter for downloading packages like...

7.5CVSS6AI score0.00583EPSS
Exploits1References9Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/19 3:53 p.m.9 views

CVE-2026-47357

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via the remoteurl parameter in the remote directory scan endpoint POST /v1/iac/iacVersion/cloud/remote/dir/scan when running in server mode. An unauthenticated remote attacker can supply an attacker-controlled HTTP URL...

9.2CVSS5.8AI score0.00482EPSS
Exploits0References1
OSV
OSV
added 2026/04/16 12:55 a.m.12 views

CLEANSTART-2026-DR81473 HashiCorp’s go-getter library up to v1

Multiple security vulnerabilities affect the harbor-scanner-trivy-fips package. HashiCorp’s go-getter library up to v1. See references for individual vulnerability details...

9.8CVSS5.7AI score0.00694EPSS
Exploits2References24
GithubExploit
GithubExploit
added 2026/04/10 8:15 p.m.168 views

Exploit for CVE-2026-4660

CVE-2026-4660 PoC Proof of concept for CVE-2026-4660https:...

7.5CVSS5.7AI score0.00583EPSS
Exploits1
OSV
OSV
added 2026/04/09 2:16 p.m.4 views

DEBIAN-CVE-2026-4660

HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...

7.5CVSS5.5AI score0.00583EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/04/09 1:47 p.m.23 views

CVE-2026-4660

HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...

7.5CVSS5.4AI score0.00583EPSS
Exploits1
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.9 views

HashiCorp go-getter 安全漏洞

HashiCorp go-getter is a Go golang library from the American company HashiCorp, used to download files or directories using URLs as the main input format from various sources. HashiCorp go-getter versions prior to v1.8.5 contained a security vulnerability that allowed arbitrary files to be read...

7.5CVSS7.4AI score0.00583EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.23 views

EUVD-2022-1591

Malicious code in bioql PyPI...

5.5CVSS7AI score0.00403EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-0733

Malicious code in bioql PyPI...

6.5CVSS5.8AI score0.00454EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-3588

Malicious code in bioql PyPI...

8.6CVSS7.2AI score0.01279EPSS
Exploits0References25
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-3749

Malicious code in bioql PyPI...

8.6CVSS7.2AI score0.03054EPSS
Exploits0References24
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-0475

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0. CVE-2023-0475 Note that Nessus relies on the presence ...

6.5CVSS6.6AI score0.00454EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2024-6257

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp's go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary...

8.8CVSS7.2AI score0.00973EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2024-3817

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp's go-getter library is vulnerable to argument injection when executing Git to discover remote branches. This vulnerability does not affect the...

9.8CVSS7AI score0.01329EPSS
Exploits0References3
OSV
OSV
added 2025/08/15 9:31 p.m.7 views

GHSA-WJRX-6529-HCJ3 HashiCorp go-getter Vulnerable to Symlink Attacks

HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9...

7.5CVSS6.7AI score0.00507EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/08/15 8:32 p.m.3 views

CVE-2025-8959 HashiCorp go-getter Vulnerable to Arbitrary Read through Symlink Attack

HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9...

7.5CVSS6.8AI score0.00507EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/15 12:0 a.m.5 views

HashiCorp go-getter 安全漏洞

HashiCorp go-getter is a library for Go golang from HashiCorp, Inc. for downloading files or directories from various sources using URLs as the primary form of input. A security vulnerability exists in HashiCorp go-getter versions prior to 1.7.9, which stems from a symbolic link attack and could...

7.5CVSS6.5AI score0.00507EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2024/08/05 7:0 a.m.5 views

HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation

...

8.8CVSS6.6AI score0.00973EPSS
Exploits0
Veracode
Veracode
added 2024/06/26 6:23 a.m.46 views

Command Injection

github.com/hashicorp/go-getter is vulnerable to Command Injection. The vulnerability is caused by improper handling of arguments in Git operations within getgit.go. This allows attackers to manipulate the Git configuration and execute arbitrary code...

8.4CVSS7.2AI score0.00973EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/06/25 5:15 p.m.2 views

DEBIAN-CVE-2024-6257

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution...

8.8CVSS8.1AI score0.00973EPSS
Exploits0References1
Rows per page
Query Builder