Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GO-2022-0586
HistoryMay 26, 2022 - 12:01 a.m.

Resource exhaustion in github.com/hashicorp/go-getter and related modules

2022-05-2600:01:27
Google
osv.dev
14

9.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.4%

JSON

Malicious HTTP responses can cause a number of misbehaviors, including overwriting local files, resource exhaustion, and panics.

  • Protocol switching, endless redirect, and configuration bypass are possible through abuse of custom HTTP response header processing.

  • Arbitrary host access is possible through go-getter path traversal, symlink processing, and command injection flaws.

  • Asymmetric resource exhaustion can occur when go-getter processes malicious HTTP responses.

  • A panic can be triggered when go-getter processed password-protected ZIP files.

Related

osv 8
redhat 14
veracode 4
cve 4
debiancve 4
ubuntucve 4
github 4
cvelist 4
nvd 4
redhatcve 4
prion 4
ibm 2
osv
osv
CVE-2022-30323
2022-05-25 12:15:08
CVE-2022-26945
2022-05-25 12:15:08
HashiCorp go-getter command injection
2022-05-26 00:01:27
redhat
redhat
(RHSA-2022:6147) Important: OpenShift Container Platform 4.9.47 bug fix and security update
2022-08-31 09:49:15
(RHSA-2022:6801) Important: OpenShift Container Platform 4.8.51 packages and security update
2022-10-13 07:38:32
(RHSA-2022:6805) Important: OpenShift Container Platform 4.10.36 security update
2022-10-12 08:09:34
veracode
veracode
Path Traversal
2022-05-26 02:56:45
Path Traversal
2022-05-26 04:19:12
Path Traversal
2022-05-26 04:00:29
cve
cve
CVE-2022-30322
2022-05-25 12:15:08
CVE-2022-30323
2022-05-25 12:15:08
CVE-2022-30321
2022-05-25 12:15:08
debiancve
debiancve
CVE-2022-30322
2022-05-25 12:15:08
CVE-2022-26945
2022-05-25 12:15:08
CVE-2022-30321
2022-05-25 12:15:08
ubuntucve
ubuntucve
CVE-2022-30323
2022-05-25 00:00:00
CVE-2022-30321
2022-05-25 00:00:00
CVE-2022-26945
2022-05-25 00:00:00
github
github
HashiCorp go-getter unsafe downloads could lead to asymmetric resource exhaustion
2022-05-26 00:01:27
HashiCorp go-getter unsafe downloads
2022-05-26 00:01:27
HashiCorp go-getter command injection
2022-05-26 00:01:27
cvelist
cvelist
CVE-2022-30321
2022-05-25 11:19:42
CVE-2022-26945
2022-05-25 11:19:48
CVE-2022-30323
2022-05-25 11:19:30
nvd
nvd
CVE-2022-26945
2022-05-25 12:15:08
CVE-2022-30321
2022-05-25 12:15:08
CVE-2022-30323
2022-05-25 12:15:08
redhatcve
redhatcve
CVE-2022-30321
2022-06-07 02:29:48
CVE-2022-30323
2022-06-07 02:29:58
CVE-2022-26945
2022-06-07 02:29:28
prion
prion
Path traversal
2022-05-25 12:15:00
Code injection
2022-05-25 12:15:00
Default credentials
2022-05-25 12:15:00
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
2024-04-24 19:15:42
Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps
2024-01-31 19:31:55

9.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.4%

JSON
Related for OSV:GO-2022-0586
osv8redhat14veracode4cve4debiancve4ubuntucve4github4cvelist4nvd4redhatcve4prion4ibm2