VDB
GO-2022-0586
GO-2022-0586
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Resource exhaustion in github.com/hashicorp/go-getter and related modules
Risk Scores
CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | hashicorp/go-getter | 0, 0 |
| github.com | hashicorp/go-getter/v2 | 0, 0 |
| github.com | hashicorp/go-getter/s3/v2 | 0, 0 |
| github.com | hashicorp/go-getter/gcs/v2 | 0, 0 |
Timeline
- May 26, 2022 CVE Published
- May 20, 2024 CVE Updated
References
- https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 advisory
- https://github.com/hashicorp/go-getter/pull/359 fix
- https://github.com/hashicorp/go-getter/pull/361 fix
- https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48 fix
- https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 fix