Skip to main content

Go Getter

9 CVEs product

Monthly

CVE-2025-8959 Go HIGH PATCH This Month

HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Go Getter Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2024-6257 Go HIGH PATCH This Week

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Hashicorp Command Injection Go Getter
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-3817 Go CRITICAL PATCH Act Now

HashiCorp’s go-getter library is vulnerable to argument injection when executing Git to discover remote branches. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Hashicorp Go Getter
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-0475 Go MEDIUM PATCH This Month

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Go Getter
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-30323 Go HIGH PATCH This Week

go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Go Getter
NVD GitHub
CVSS 3.1
8.6
EPSS
1.3%
CVE-2022-30322 Go HIGH PATCH This Week

go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Go Getter
NVD GitHub
CVSS 3.1
8.6
EPSS
1.3%
CVE-2022-30321 Go HIGH PATCH This Week

go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Path Traversal Go Getter
NVD GitHub
CVSS 3.1
8.6
EPSS
3.1%
CVE-2022-26945 Go CRITICAL PATCH Act Now

go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Go Getter
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-29810 Go MEDIUM PATCH This Month

The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Hashicorp Information Disclosure Go Getter
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
EPSS 0% CVSS 7.5
HIGH PATCH This Month

HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Go Getter +2
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Hashicorp Command Injection +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

HashiCorp’s go-getter library is vulnerable to argument injection when executing Git to discover remote branches. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Hashicorp Go Getter
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Go Getter
NVD
EPSS 1% CVSS 8.6
HIGH PATCH This Week

go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Go Getter
NVD GitHub
EPSS 1% CVSS 8.6
HIGH PATCH This Week

go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Go Getter
NVD GitHub
EPSS 3% CVSS 8.6
HIGH PATCH This Week

go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Path Traversal Go Getter
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Go Getter
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Hashicorp Information Disclosure Go Getter
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy