pkg:Go/github.com/hashicorp/go-getter

All known vulnerabilities

• CRITICAL9.8CVE-2024-3817Argument injection when fetching remote default Git branches in github.com/hashicorp/go-getter
  >= 1.5.9, < 1.7.4
• CRITICAL9.8CVE-2024-3817Argument injection when fetching remote default Git branches in github.com/hashicorp/go-getter
  >= 1.5.9, < 1.7.4
• HIGH8.6CVE-2022-26945Resource exhaustion in github.com/hashicorp/go-getter and related modules
  from 0, < 1.6.1
• HIGH8.6CVE-2022-26945Resource exhaustion in github.com/hashicorp/go-getter and related modules
  from 0, < 1.6.1
• HIGH8.6CVE-2022-26945Resource exhaustion in github.com/hashicorp/go-getter and related modules
  from 0, < 1.6.1
• HIGH8.6CVE-2022-26945Resource exhaustion in github.com/hashicorp/go-getter and related modules
  from 0, < 1.6.1
• HIGH8.6CVE-2022-26945Resource exhaustion in github.com/hashicorp/go-getter and related modules
  from 0, < 1.6.1
• HIGH8.4CVE-2024-6257Code Execution on Git update in github.com/hashicorp/go-getter
  from 0, < 1.7.5
• HIGH8.4CVE-2024-6257Code Execution on Git update in github.com/hashicorp/go-getter
  from 0, < 1.7.5
• HIGH7.5CVE-2026-4660HashiCorp's go-getter library may allow arbitrary file reads
  from 0, < 1.8.6
• HIGH7.5CVE-2025-8959HashiCorp go-getter Vulnerable to Symlink Attacks in github.com/hashicorp/go-getter
  from 0, < 1.7.9
• HIGH7.5CVE-2025-8959HashiCorp go-getter Vulnerable to Symlink Attacks in github.com/hashicorp/go-getter
  from 0, < 1.7.9
• MEDIUM5.5CVE-2022-29810Exposure of sensitive information via log file in github.com/hashicorp/go-getter
  from 0, < 1.5.11
• MEDIUM5.5CVE-2022-29810Exposure of sensitive information via log file in github.com/hashicorp/go-getter
  from 0, < 1.5.11
• MEDIUM4.2CVE-2023-0475Denial of service in github.com/hashicorp/go-getter/v2
  from 0, < 1.7.0
• MEDIUM4.2CVE-2023-0475Denial of service in github.com/hashicorp/go-getter/v2
  from 0, < 1.7.0