Lucene search

Go-getter Security Vulnerabilities

cve

CVE-2023-0475

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and...

6.5CVSS

6.2AI Score

0.001EPSS

2023-02-16 07:15 PM

183

cve

CVE-2022-26945

go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and...

9.8CVSS

9.2AI Score

0.002EPSS

2022-05-25 12:15 PM

119

cve

CVE-2022-30322

go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and...

8.6CVSS

8.8AI Score

0.002EPSS

2022-05-25 12:15 PM

127

cve

CVE-2022-30321

go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. Fixed in 1.6.1 and...

8.6CVSS

9.2AI Score

0.001EPSS

2022-05-25 12:15 PM

126

cve

CVE-2022-30323

go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and...

8.6CVSS

8.9AI Score

0.002EPSS

2022-05-25 12:15 PM

123

cve

CVE-2022-29810

The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query...

5.5CVSS

5.2AI Score

0.0004EPSS

2022-04-27 06:15 AM

125