8.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
7.2 High
AI Score
Confidence
Low
github.com/hashicorp/go-getter is vulnerable to Command Injection. The vulnerability is caused by improper handling of arguments in Git operations within get_git.go
. This allows attackers to manipulate the Git configuration and execute arbitrary code.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/hashicorp/go-getter | le | v1.7.4 | |
github.com/hashicorp/go-getter | le | v1.7.4 |