HashiCorp’s go-getter library is vulnerable to argument injection when executing Git to discover remote branches.
This vulnerability does not affect the go-getter/v2 branch and package.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: HashiCorp
Published: 2024-04-17T19:37:25.878Z
Updated: 2024-06-04T17:31:04.582Z
Reserved: 2024-04-15T14:04:27.869Z
Link: CVE-2024-3817
JSON object: View
NVD Information
Status : Awaiting Analysis
Published: 2024-04-17T20:15:08.383
Modified: 2024-04-18T13:04:28.900
Link: CVE-2024-3817
JSON object: View
Redhat Information
No data.
CWE