VDB

CISA-2023-0475

CISA-2023-0475 PUBLISHED CVSS 4.2 MEDIUM

Reported by HashiCorp · Published February 16, 2023

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0.

Risk Scores

CVSS 3.1
4.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
HashiCorpgo-getter0, 0
HashiCorpgo-getter0, 0, 0

Timeline

  • Feb 16, 2023 CVE Published
  • Mar 18, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›