VYPR
Critical severityNVD Advisory· Published Apr 17, 2024· Updated Aug 1, 2024

HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches

CVE-2024-3817

Description

HashiCorp’s go-getter library is vulnerable to argument injection when executing Git to discover remote branches.

This vulnerability does not affect the go-getter/v2 branch and package.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/hashicorp/go-getterGo
>= 1.5.9, < 1.7.41.7.4

Affected products

38

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.