CVE-2022-30322

HIGH

go-getter < 1.5.11 and 2.0.2 - Asymmetric Resource Exhaustion via Malicious HTTP Responses

Title source: llm

go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and 2.1.0.

Core 4

Core References

Vendor Advisory x_refsource_misc

Release Notes, Third Party Advisory x_refsource_misc

Vendor Advisory x_refsource_misc

Vendor Advisory x_refsource_misc

CVSS v3 8.6

EPSS 0.0079

EPSS Percentile 74.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Status published

Products (4)

hashicorp/go-getter 2.0.2

hashicorp/go-getter < 1.5.11

hashicorp/go-getter 0 - 1.6.1Go

hashicorp/go-getter 0 - 2.1.0 (3 CPE variants)Go

Published May 25, 2022

Tracked Since Feb 18, 2026