Moderate severityNVD Advisory· Published Apr 27, 2022· Updated Aug 3, 2024
CVE-2022-29810
CVE-2022-29810
Description
The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/hashicorp/go-getterGo | < 1.5.11 | 1.5.11 |
Affected products
2- Hashicorp/go-getter librarydescription
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-27rq-4943-qcwpghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-29810ghsaADVISORY
- github.com/hashicorp/go-getter/commit/36b68b2f68a3ed10ee7ecbb0cb9f6b1dc5da49ccghsax_refsource_MISCWEB
- github.com/hashicorp/go-getter/pull/348ghsax_refsource_MISCWEB
- github.com/hashicorp/go-getter/releases/tag/v1.5.11ghsax_refsource_MISCWEB
- pkg.go.dev/vuln/GO-2022-0438ghsaWEB
News mentions
0No linked articles in our index yet.