What is CVE-2022-30323?

CVE-2022-30323 is a vulnerability found in go-getter that allows an attacker to bypass certain configuration settings and may lead to a denial of service.

How does go-getter process HTTP responses?

Go-getter processes HTTP responses in a vulnerable way that can be exploited by attackers.

What can an attacker do with CVE-2022-30323?

An attacker can bypass certain configuration settings and potentially cause a denial of service.

How can the vulnerability in go-getter be fixed?

The vulnerability in go-getter can be fixed by updating to version 1.6.1 or higher.

Where can I find more information about CVE-2022-30323?

You can find more information about CVE-2022-30323 in the references provided.

Vulnerability/
CVE-2022-30323

high

8.6

CWE

229

24/5/2022

25/5/2022

26/5/2022

3/8/2024

CVE-2022-30323

First published: Tue May 24 2022(Updated: )

A flaw was found in go-getter. Several vulnerabilities were identified in how go-getter processes HTTP responses, response headers, and password-protected ZIP files. This flaw allows an attacker to bypass certain configuration settings and may lead to a denial of service.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
HashiCorp go-getter	<=1.5.11
HashiCorp go-getter	=2.0.2
redhat/github.com/hashicorp/go-getter	<1.6.1	1.6.1
redhat/github.com/hashicorp/go-getter	<2.1.0	2.1.0
go/github.com/hashicorp/go-getter/gcs/v2	<2.1.0	2.1.0
go/github.com/hashicorp/go-getter/s3/v2	<2.1.0	2.1.0
go/github.com/hashicorp/go-getter/v2	<2.1.0	2.1.0
go/github.com/hashicorp/go-getter	>=2.0.0<2.1.0	2.1.0
go/github.com/hashicorp/go-getter	<1.6.1	1.6.1

Remedy

The fix includes new configuration options to help limit the security exposure and have more secure defaults.

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is CVE-2022-30323?
CVE-2022-30323 is a vulnerability found in go-getter that allows an attacker to bypass certain configuration settings and may lead to a denial of service.
How does go-getter process HTTP responses?
Go-getter processes HTTP responses in a vulnerable way that can be exploited by attackers.
What can an attacker do with CVE-2022-30323?
An attacker can bypass certain configuration settings and potentially cause a denial of service.
How can the vulnerability in go-getter be fixed?
The vulnerability in go-getter can be fixed by updating to version 1.6.1 or higher.
Where can I find more information about CVE-2022-30323?
You can find more information about CVE-2022-30323 in the references provided.

collector/redhat-cve
collector/nvd-index
agent/type
agent/first-publish-date
agent/severity
agent/remedy
agent/weakness
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2022-30323
agent/software-canonical-lookup
collector/github-advisory-latest
source/GitHub
alias/GHSA-28r2-q6m8-9hpx
agent/references
agent/softwarecombine
agent/description
collector/nvd-cve
source/NVD
agent/author
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/event
agent/trending
vendor/hashicorp
canonical/hashicorp go-getter
version/hashicorp go-getter/1.5.11
version/hashicorp go-getter/2.0.2
package-manager/redhat
package-manager/go