HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: HashiCorp
Published: 2023-02-16T18:35:37.518Z
Updated: 2023-02-16T18:35:37.518Z
Reserved: 2023-01-24T17:05:24.695Z
Link: CVE-2023-0475
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-02-16T19:15:13.867
Modified: 2023-02-27T18:33:13.233
Link: CVE-2023-0475
JSON object: View
Redhat Information
No data.
CWE