github.com/hashicorp/go-getter is vulnerable to Denial of Service (DoS). The vulnerability is due to unbounded recursion when decompressing a ZIP archive, resulting in an application crash when decompressing a maliciously crafted archive, or “ZIP Bomb”.
discuss.hashicorp.com/t/hcsec-2023-4-go-getter-vulnerable-to-denial-of-service-via-malicious-compressed-archive/50125
github.com/advisories/GHSA-jpxj-2jvg-6jv9
github.com/hashicorp/go-getter/commit/017a2ee8897ec08a291eadf4815c66c9d9fe6f58
github.com/hashicorp/go-getter/commit/78e6721a2a76266718dc92c3c03c1571dffdefdc