HashiCorp Go Getter

By the Year

In 2023 there has been 1 vulnerability in HashiCorp Go Getter, with an average score of 6.5 out of ten. Last year Go Getter had 5 security vulnerabilities published. Right now, Go Getter is on track to have fewer security vulnerabilities in 2023 than it did last year. Last year, the average CVE base score was greater by 1.72.

Year Vulnerabilities Average Score
2023 1 6.50
2022 5 8.22
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Go Getter vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent HashiCorp Go Getter Security Vulnerabilities

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs

CVE-2023-0475 6.5 - Medium - February 16, 2023

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0.

go-getter up to 1.5.11 and 2.0.2

CVE-2022-26945 9.8 - Critical - May 25, 2022

go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0.

Command Injection

go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files

CVE-2022-30323 8.6 - High - May 25, 2022

go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0.

go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses

CVE-2022-30322 8.6 - High - May 25, 2022

go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and 2.1.0.

go-getter up to 1.5.11 and 2.0.2

CVE-2022-30321 8.6 - High - May 25, 2022

go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. Fixed in 1.6.1 and 2.1.0.

The HashiCorp go-getter library before 1.5.11 does not redact an SSH key

CVE-2022-29810 5.5 - Medium - April 27, 2022

The HashiCorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter.

Insertion of Sensitive Information into Log File
