Lucene search
HistoryJun 25, 2024 - 5:15 p.m.
CVE-2024-6257
hashicorp
go-getter library
git update
vulnerability
arbitrary code execution
8.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
9.1%
HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution.
Related
osv
osv
CGA-grwc-xwh5-vfhw
2024-06-26 12:04:24
HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation
2024-06-25 18:31:22
CGA-p58v-7jgp-wxgq
2024-06-26 12:04:27
redhatcve
redhatcve
CVE-2024-6257
2024-06-25 19:21:11
github
github
debiancve
debiancve
CVE-2024-6257
2024-06-25 17:15:10
ubuntucve
ubuntucve
CVE-2024-6257
2024-06-25 00:00:00
cve
cve
CVE-2024-6257
2024-06-25 17:15:10
cvelist
cvelist
veracode
veracode
Command Injection
2024-06-26 06:23:22
vulnrichment
vulnrichment
wolfi
wolfi
CVE-2024-6257 vulnerabilities
2024-07-06 03:08:40
8.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
9.1%
Related for NVD:CVE-2024-6257