This repository has been archived by the owner on Jan 3, 2023. It is now read-only.
CVE-2022-30321 (High) detected in github.com/hashicorp/go-getter-v1.4.0 #10
Labels
security vulnerability
Security vulnerability detected by WhiteSource
CVE-2022-30321 - High Severity Vulnerability
Vulnerable Library - github.com/hashicorp/go-getter-v1.4.0
Package for downloading things from a string URL using a variety of protocols.
Library home page: https://proxy.golang.org/github.com/hashicorp/go-getter/@v/v1.4.0.zip
Dependency Hierarchy:
Vulnerability Details
go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. Fixed in 1.6.1 and 2.1.0.
Publish Date: 2022-05-25
URL: CVE-2022-30321
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930
Release Date: 2022-05-25
Fix Resolution: v2.1.0
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: