44 matches found
OpenTofu: Possible arbitrary file read during certain git operations via a maliciously crafted URL
Impact Possible data exposure. Summary While downloading packages from a maliciously crafted URL, some git operations against that URL could allow arbitrary file read. This might allow disclosure of confidential information. Details OpenTofu relies on go-getter for downloading packages like...
CVE-2026-47357
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via the remoteurl parameter in the remote directory scan endpoint POST /v1/iac/iacVersion/cloud/remote/dir/scan when running in server mode. An unauthenticated remote attacker can supply an attacker-controlled HTTP URL...
CLEANSTART-2026-DR81473 HashiCorp’s go-getter library up to v1
Multiple security vulnerabilities affect the harbor-scanner-trivy-fips package. HashiCorp’s go-getter library up to v1. See references for individual vulnerability details...
Exploit for CVE-2026-4660
CVE-2026-4660 PoC Proof of concept for CVE-2026-4660https:...
DEBIAN-CVE-2026-4660
HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...
CVE-2026-4660
HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...
HashiCorp go-getter 安全漏洞
HashiCorp go-getter is a Go golang library from the American company HashiCorp, used to download files or directories using URLs as the main input format from various sources. HashiCorp go-getter versions prior to v1.8.5 contained a security vulnerability that allowed arbitrary files to be read...
EUVD-2022-1591
Malicious code in bioql PyPI...
EUVD-2023-0733
Malicious code in bioql PyPI...
EUVD-2022-3588
Malicious code in bioql PyPI...
EUVD-2022-3749
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-0475
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0. CVE-2023-0475 Note that Nessus relies on the presence ...
Linux Distros Unpatched Vulnerability : CVE-2024-6257
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp's go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary...
Linux Distros Unpatched Vulnerability : CVE-2024-3817
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp's go-getter library is vulnerable to argument injection when executing Git to discover remote branches. This vulnerability does not affect the...
GHSA-WJRX-6529-HCJ3 HashiCorp go-getter Vulnerable to Symlink Attacks
HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9...
CVE-2025-8959 HashiCorp go-getter Vulnerable to Arbitrary Read through Symlink Attack
HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9...
HashiCorp go-getter 安全漏洞
HashiCorp go-getter is a library for Go golang from HashiCorp, Inc. for downloading files or directories from various sources using URLs as the primary form of input. A security vulnerability exists in HashiCorp go-getter versions prior to 1.7.9, which stems from a symbolic link attack and could...
HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation
...
Command Injection
github.com/hashicorp/go-getter is vulnerable to Command Injection. The vulnerability is caused by improper handling of arguments in Git operations within getgit.go. This allows attackers to manipulate the Git configuration and execute arbitrary code...
DEBIAN-CVE-2024-6257
HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution...