3 matches found
Security Bulletin: Go-getter may allow arbitrary filesystem reads through git operations
Summary: HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and...
Arbitrary Argument Injection
Overview: github.com/hashicorp/go-getter is a package for downloading things from a string URL using a variety of protocols. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the GitGetter function that lacks validation for git options when attempting to check th...
PT-2020-10036 · Cloud Native Computing Foundation +1 · Harbor +1
Name of the Vulnerable Software and Affected Versions: Cloud Native Computing Foundation Harbor versions prior to 1.8.6 and 1.9.3 Description: The issue allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform. This is a problem related to the...