This repository has been archived by the owner on Jan 3, 2023. It is now read-only.
CVE-2022-30322 (High) detected in github.com/hashicorp/go-getter-v1.4.0 #9
Labels
security vulnerability
Security vulnerability detected by WhiteSource
CVE-2022-30322 - High Severity Vulnerability
Vulnerable Library - github.com/hashicorp/go-getter-v1.4.0
Package for downloading things from a string URL using a variety of protocols.
Library home page: https://proxy.golang.org/github.com/hashicorp/go-getter/@v/v1.4.0.zip
Dependency Hierarchy:
Vulnerability Details
go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and 2.1.0.
Publish Date: 2022-05-25
URL: CVE-2022-30322
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930
Release Date: 2022-05-25
Fix Resolution: v2.1.0
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: