github.com/hashicorp/go-getter is vulnerable to path traversal. An attacker can access files outside the expected directory and download files or directories from various sources using malicious URLs by providing malicious inputs
discuss.hashicorp.com
discuss.hashicorp.com/
discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930
github.com/advisories/GHSA-fcgg-rvwg-jv58
github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48
github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45
github.com/hashicorp/go-getter/pull/359
github.com/hashicorp/go-getter/pull/361
github.com/hashicorp/go-getter/releases