HashiCorp Go-getter Arg Injection via Git
CVE-2024-3817 Published on April 17, 2024
HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches
HashiCorps go-getter library is vulnerable to argument injection when executing Git to discover remote branches.
This vulnerability does not affect the go-getter/v2 branch and package.
Weakness Type
What is an Argument Injection Vulnerability?
The software constructs a string for a command to executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
CVE-2024-3817 has been classified to as an Argument Injection vulnerability or weakness.
Products Associated with CVE-2024-3817
Want to know whenever a new CVE is published for HashiCorp Go Getter? stack.watch will email you.
Affected Versions
HashiCorp Shared library:- Version 1.5.9 and below 1.7.3 is affected.
- Version 1.5.9 and below 1.7.3 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.