HashiCorp Go Getter
By the Year
In 2024 there have been 0 vulnerabilities in HashiCorp Go Getter . Last year Go Getter had 1 security vulnerability published. Right now, Go Getter is on track to have less security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 1 | 6.50 |
2022 | 5 | 8.22 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Go Getter vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent HashiCorp Go Getter Security Vulnerabilities
HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs
CVE-2023-0475
6.5 - Medium
- February 16, 2023
HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0.
go-getter up to 1.5.11 and 2.0.2
CVE-2022-26945
9.8 - Critical
- May 25, 2022
go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0.
go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files
CVE-2022-30323
8.6 - High
- May 25, 2022
go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0.
go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses
CVE-2022-30322
8.6 - High
- May 25, 2022
go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and 2.1.0.
go-getter up to 1.5.11 and 2.0.2
CVE-2022-30321
8.6 - High
- May 25, 2022
go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. Fixed in 1.6.1 and 2.1.0.
Directory traversal
The Hashicorp go-getter library before 1.5.11 does not redact an SSH key
CVE-2022-29810
5.5 - Medium
- April 27, 2022
The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter.
Insertion of Sensitive Information into Log File
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for HashiCorp Go Getter or by HashiCorp? Click the Watch button to subscribe.