Malicious Git Configuration Execution via go-getter Library
CVE-2024-6257
8.4 HIGH
What is CVE-2024-6257?
The go-getter library from HashiCorp is vulnerable to manipulation of the Git configuration, which can lead to arbitrary code execution. An attacker who coerces the library into running a Git update against a maliciously modified configuration can execute unwanted code within the user's environment. This issue underscores the importance of secure coding practices and vigilant configuration management to protect against such vulnerabilities.
Affected Version(s)
Shared library 64 bit: from 0 to before 1.7.4
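
To find out whether a Go project pins a release in the affected range above (below 1.7.4), the following added example scans go.mod text for the library's requirement. It is not code from this page or from HashiCorp; the module path github.com/hashicorp/go-getter, the function names and the sample go.mod are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Assumption: v1 module path of the library; the page does not state it.
const modPath = "github.com/hashicorp/go-getter"

var fixed = [3]int{1, 7, 4} // first unaffected version per the page

// affected reports whether v is below 1.7.4; pre-releases of 1.7.4 count.
func affected(v string) bool {
	v, _, _ = strings.Cut(strings.TrimPrefix(v, "v"), "+")
	core, _, pre := strings.Cut(v, "-")
	var got [3]int
	if n, _ := fmt.Sscanf(core, "%d.%d.%d", &got[0], &got[1], &got[2]); n != 3 {
		return false // not a semantic version; leave for manual review
	}
	for i := range got {
		if got[i] != fixed[i] {
			return got[i] < fixed[i]
		}
	}
	return pre
}

// scanGoMod lists affected go-getter versions required in go.mod text.
// Replace directives ("=>") are skipped, not resolved.
func scanGoMod(gomod string) (hits []string) {
	for _, line := range strings.Split(gomod, "\n") {
		line, _, _ = strings.Cut(line, "//")
		f := strings.Fields(line)
		if len(f) > 0 && f[0] == "require" {
			f = f[1:]
		}
		if len(f) >= 2 && f[0] == modPath && !strings.Contains(line, "=>") && affected(f[1]) {
			hits = append(hits, f[1])
		}
	}
	return hits
}

// Constructed sample go.mod, not from a real project.
const sample = "module example.com/app\nrequire (\n\tgithub.com/hashicorp/go-getter v1.7.3\n)\n"

func main() {
	fmt.Println("affected go-getter versions:", scanGoMod(sample))
}
```

Pseudo-versions based on 1.7.4 are flagged because they sort before the 1.7.4 release; a project that redirects the module with a replace directive needs to be checked by hand.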