cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-0475,https://securityvulnerability.io/vulnerability/CVE-2023-0475,Go-Getter Vulnerable to Decompression Bombs,HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0.,HashiCorp,go-getter,6.5,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2023-02-16T19:15:00.000Z,0
CVE-2022-26945,https://securityvulnerability.io/vulnerability/CVE-2022-26945,Protocol Switching and Configuration Bypass Vulnerability in Go-Getter by HashiCorp,"The vulnerability in Go-Getter versions up to 1.5.11 and 2.0.2 allows attackers to exploit custom HTTP response header processing. This results in potential protocol switching and an endless redirect loop, leading to unauthorized configuration access. Users are advised to upgrade to versions 1.6.1 and 2.1.0 to mitigate these risks effectively.",Hashicorp,Go-getter,9.8,CRITICAL,0.0024399999529123306,false,,false,false,false,,,false,false,,2022-05-25T11:19:48.000Z,0
CVE-2022-30321,https://securityvulnerability.io/vulnerability/CVE-2022-30321,Arbitrary Host Access in Go-Getter by HashiCorp,"The Go-Getter library versions 1.5.11 and 2.0.2 are susceptible to critical security flaws including arbitrary host access through path traversal, symlink processing, and command injection vulnerabilities. These weaknesses allow malicious actors to execute unauthorized commands and gain access to sensitive data. Upgrading to the fixed versions 1.6.1 and 2.1.0 is crucial for maintaining the security of applications utilizing the Go-Getter library.",Hashicorp,Go-getter,8.6,HIGH,0.0013899999903514981,false,,false,false,false,,,false,false,,2022-05-25T11:19:42.000Z,0
CVE-2022-30322,https://securityvulnerability.io/vulnerability/CVE-2022-30322,Resource Exhaustion Vulnerability in go-getter by HashiCorp,"The go-getter library prior to version 1.6.1 and 2.1.0 is susceptible to a vulnerability where it can become overwhelmed by asymmetric resource exhaustion due to the processing of malicious HTTP responses. This flaw can potentially disrupt the normal operation of applications utilizing the go-getter library, leading to performance degradation or system instability. Users are advised to update to the latest versions to mitigate this risk.",Hashicorp,Go-getter,8.6,HIGH,0.0026199999265372753,false,,false,false,false,,,false,false,,2022-05-25T11:19:35.000Z,0
CVE-2022-30323,https://securityvulnerability.io/vulnerability/CVE-2022-30323,Buffer Overflow in Go-Getter Library by HashiCorp,"The Go-Getter library by HashiCorp experienced a significant issue when processing password-protected ZIP files, leading to potential buffer overflow scenarios. This vulnerability could cause the application to panic, thereby interrupting service and risking data integrity. The affected versions are up to 1.5.11 and 2.0.2, with fixes released in versions 1.6.1 and 2.1.0. Users are strongly encouraged to update to the latest version to mitigate the risk associated with this vulnerability.",Hashicorp,Go-getter,8.6,HIGH,0.0026199999265372753,false,,false,false,false,,,false,false,,2022-05-25T11:19:30.000Z,0
CVE-2022-29810,https://securityvulnerability.io/vulnerability/CVE-2022-29810,Information Disclosure in Hashicorp go-getter Library,"The go-getter library by Hashicorp prior to version 1.5.11 has a flaw where it fails to redact sensitive SSH keys from URL query parameters. This oversight could expose private information, potentially allowing attackers to harvest sensitive credentials from logs or other outputs that include unredacted URLs. It is crucial for users to upgrade to the latest version to mitigate this risk.",Hashicorp,Go-getter,5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-04-27T05:50:30.000Z,0