pkg:Debian/golang-github-hashicorp-go-getter

All known vulnerabilities

• CRITICAL9.8CVE-2024-3817Argument injection when fetching remote default Git branches in github.com/hashicorp/go-getter
  from 0
• HIGH8.6CVE-2022-26945Resource exhaustion in github.com/hashicorp/go-getter and related modules
  from 0
• HIGH8.6CVE-2022-30323go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files.
  from 0
• HIGH8.6go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses.
  from 0
• HIGH8.6go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaw…
  from 0
• HIGH8.4Code Execution on Git update in github.com/hashicorp/go-getter
  from 0
• HIGH7.5HashiCorp's go-getter library may allow arbitrary file reads
  from 0
• HIGH7.5HashiCorp go-getter Vulnerable to Symlink Attacks in github.com/hashicorp/go-getter
  from 0
• MEDIUM4.2Denial of service in github.com/hashicorp/go-getter/v2
  from 0