Go-Getter Vulnerable to Decompression Bombs
CVE-2023-0475

4.2MEDIUM

Key Information:

Vendor

Hashicorp
Status
Go-getter
Vendor
CVE Published:
16 February 2023

What is CVE-2023-0475?

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0.

Affected Version(s)

go-getter 64 bit 0 <= 1.6.2

go-getter 64 bit 0 <= 2.1.1

References

https://discuss.hashicorp.com/t/hcsec-2023-4-go-getter-vu...

CVSS V3.1

Score:
4.2
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.