Information on source package golang-github-hashicorp-go-getter

Available versions

ReleaseVersion
stretch0.0~git20160316.0.575ec4e-1
buster0.0~git20160316.0.575ec4e-1
bullseye1.4.1-1
bookworm1.4.1-1
sid1.4.1-1

Open issues

BugstretchbusterbullseyebookwormsidDescription
CVE-2024-6257vulnerablevulnerablevulnerable (no DSA)vulnerable (no DSA)vulnerableHashiCorp\u2019s go-getter library can be coerced into executing Git u ...
CVE-2024-3817vulnerablefixedvulnerable (no DSA)vulnerable (no DSA)vulnerableHashiCorp\u2019s go-getter library is vulnerable to argument injection ...
CVE-2023-0475vulnerablevulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)vulnerableHashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompressi ...
CVE-2022-30323vulnerablevulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)vulnerablego-getter up to 1.5.11 and 2.0.2 panicked when processing password-pro ...
CVE-2022-30322vulnerablevulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)vulnerablego-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustio ...
CVE-2022-30321vulnerablevulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)vulnerablego-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go- ...
CVE-2022-26945vulnerablevulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)vulnerablego-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless r ...

Resolved issues

BugDescription
CVE-2022-29810The Hashicorp go-getter library before 1.5.11 does not redact an SSH k ...

Search for package or bug name: Reporting problems