Description
go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_misc
https://discuss.hashicorp.com
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/hashicorp/go-getter/releases
Vendor Advisory x_refsource_misc
https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930
Vendor Advisory x_refsource_misc
https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/
Scores
CVSS v3
8.6
EPSS
0.0079
EPSS Percentile
74.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Details
Status
published
Products (4)
hashicorp/go-getter
2.0.2
hashicorp/go-getter
< 1.5.11
hashicorp/go-getter
0 - 1.6.1Go
hashicorp/go-getter
0 - 2.1.0 (3 CPE variants)Go
Published
May 25, 2022
Tracked Since
Feb 18, 2026