Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:35804
HistoryJun 02, 2022 - 11:26 a.m.

Command Injection

2022-06-0211:26:46
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
26
command injection
github
hashicorp

EPSS

0.002

Percentile

61.4%

github.com/hashicorp/go-getter is vulnerable to command injection. The vulnerability exists in clone function in get_hg.go due to improper handling of user input which allows an attacker to inject and execute arbitrary commands.