This repository has been archived by the owner on Jan 3, 2023. It is now read-only.
CVE-2022-29810 (Medium) detected in github.com/hashicorp/go-getter-v1.4.0 #7
Labels
security vulnerability
Security vulnerability detected by WhiteSource
CVE-2022-29810 - Medium Severity Vulnerability
Vulnerable Library - github.com/hashicorp/go-getter-v1.4.0
Package for downloading things from a string URL using a variety of protocols.
Library home page: https://proxy.golang.org/github.com/hashicorp/go-getter/@v/v1.4.0.zip
Dependency Hierarchy:
Vulnerability Details
The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter.
Publish Date: 2022-04-27
URL: CVE-2022-29810
CVSS 3 Score Details (5.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29810
Release Date: 2022-04-27
Fix Resolution: v1.5.11
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: