Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS14MjRnLTl3N3YtdnByaM4AArN3

Critical EPSS: 0.00052% (0.16175 Percentile) EPSS:
Permalink JSON

HashiCorp go-getter command injection

Affected Packages Affected Versions Fixed Versions
go:github.com/hashicorp/go-getter/gcs/v2 < 2.1.0 2.1.0
125 Dependent packages
188 Dependent repositories

Affected Version Ranges

All affected versions

2.0.2

All unaffected versions

2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.2.3
go:github.com/hashicorp/go-getter/s3/v2 < 2.1.0 2.1.0
125 Dependent packages
188 Dependent repositories

Affected Version Ranges

All affected versions

2.0.2

All unaffected versions

2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.2.3
go:github.com/hashicorp/go-getter/v2 < 2.1.0 2.1.0
195 Dependent packages
234 Dependent repositories

Affected Version Ranges

All affected versions

2.0.0, 2.0.1, 2.0.2

All unaffected versions

2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.2.3
go:github.com/hashicorp/go-getter >= 2.0.0, < 2.1.0, < 1.6.1 2.1.0, 1.6.1
3,705 Dependent packages
6,872 Dependent repositories

Affected Version Ranges

All affected versions

1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.4.1, 1.4.2, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.8, 1.5.9, 1.5.10, 1.5.11, 1.6.0

All unaffected versions

1.6.1, 1.6.2, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.7.7, 1.7.8

HashiCorp go-getter before 2.0.2 allows Command Injection.

References:

Identifiers

GHSA-x24g-9w7v-vprh

CVE-2022-26945

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.00052

EPSS Percentile: 0.16175

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/hashicorp/go-getter

Date and time

Published

about 3 years ago

Updated

over 2 years ago

API

JSON