First published: Wed Apr 17 2024(Updated: )
HashiCorp’s go-getter library is vulnerable to argument injection when executing Git to discover remote branches. This vulnerability does not affect the go-getter/v2 branch and package.
Credit: security@hashicorp.com security@hashicorp.com
Affected Software | Affected Version | How to fix |
---|---|---|
go/github.com/hashicorp/go-getter | >=1.5.9<1.7.4 | 1.7.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.