Go modules package
github.com/hashicorp/terraform
pkg:golang/github.com/hashicorp/terraform
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-4782 | — | >= 1.0.8, < 1.5.7 | 1.5.7 | Sep 8, 2023 | Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the `init` operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7. | ||
| CVE-2019-19316 | — | < 0.12.17 | 0.12.17 | Dec 2, 2019 | When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP. |
- CVE-2023-4782Sep 8, 2023affected >= 1.0.8, < 1.5.7fixed 1.5.7
Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the `init` operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7.
- CVE-2019-19316Dec 2, 2019affected < 0.12.17fixed 0.12.17
When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP.