10 matches found
CVE-2025-47911 affecting package terraform for versions less than 1.3.2-29
CVE-2025-47911 affecting package terraform for versions less than 1.3.2-29. A patched version of the package is available...
CVE-2023-4782
Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7...
ROS-20251020-01
Vulnerability in open source external resource management software Terraform is associated with an incorrect restriction on the path name of a restricted directory. Exploitation of the vulnerability could allow an attacker to download arbitrary files...
CVE-2025-30204 affecting package terraform for versions less than 1.3.2-24
CVE-2025-30204 affecting package terraform for versions less than 1.3.2-24. A patched version of the package is available...
CVE-2025-22869 affecting package terraform for versions less than 1.3.2-23
CVE-2025-22869 affecting package terraform for versions less than 1.3.2-23. A patched version of the package is available...
AZL-42931 CVE-2024-6104 affecting package terraform for versions less than 1.3.2-17
go-retryablehttp prior to 0.7.7 did not sanitize URLs when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...
AZL-31347 CVE-2023-44487 affecting package terraform for versions less than 1.3.2-11
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-29705 CVE-2023-4782 affecting package terraform for versions less than 1.3.2-19
Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7...
PT-2023-36187 · Google +1 · Go +1
Name of the Vulnerable Software and Affected Versions: Terraform (affected versions not specified)
Description: The issue is related to a security release in Go 1.19, which Terraform is rebuilt with to address the problem.
Recommendations: At the moment, there is no information about a newer versio...
AZL-33646 CVE-2022-32149 affecting package terraform for versions less than 1.3.2-19
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...