14 matches found
EUVD-2022-5681
Malicious code in bioql PyPI...
GO-2022-0586 Resource exhaustion in github.com/hashicorp/go-getter and related modules
Malicious HTTP responses can cause a number of misbehaviors, including overwriting local files, resource exhaustion, and panics. Protocol switching, endless redirect, and configuration bypass are possible through abuse of custom HTTP response header processing. Arbitrary host access is possible...
HashiCorp go-getter unsafe downloads
HashiCorp go-getter through 2.0.2 does not safely perform downloads. Protocol switching, endless redirect, and configuration bypass were possible via abuse of custom HTTP response header processing...
CVE-2022-26945
go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0...
CVE-2022-26945
go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0...
DEBIAN-CVE-2022-26945
go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0...
CVE-2022-26945
go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0...
CVE-2022-26945
go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0...
UBUNTU-CVE-2022-26945
go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0...
Design/Logic Flaw
go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0...
CVE-2022-26945
The CVE-2022-26945 entry concerns HashiCorp go-getter, where affected versions include up to 1.5.11 and 2.0.2. The root issue is abuse of custom HTTP response header processing that enables protocol switching, endless redirects, and a configuration bypass. Mitigation/fix is available: go-getter 1...
CVE-2022-26945
go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0...
CVE-2022-26945
go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0...
Xerox WorkCentre Multiple Vulnerabilities
Binary data 3834.prm...