Git Injection Vulnerability Affects HashiCorp's go-getter Library
CVE-2024-3817
9.8CRITICAL
What is CVE-2024-3817?
HashiCorp's Go-Getter library contains a vulnerability that allows for argument injection during the process of executing Git commands to fetch remote branches. This security flaw exposes the system to potential exploitation by manipulating inputs, particularly in scenarios involving remote repository interactions. Importantly, this vulnerability does not affect versions located in the go-getter/v2 branch and package, making those iterations safer for users.
Affected Version(s)
Shared library 64 bit 1.5.9 < 1.7.3