Vulnerabilities > Hashicorp > GO Getter > 2.0.2

DATE CVE VULNERABILITY TITLE RISK
2022-05-25 CVE-2022-26945 Unspecified vulnerability in Hashicorp Go-Getter
go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing.
network
low complexity
hashicorp
critical
 9.8
9.8
2022-05-25 CVE-2022-30321 Command Injection vulnerability in Hashicorp Go-Getter
go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws.
network
low complexity
hashicorp CWE-77
8.6
8.6
2022-05-25 CVE-2022-30322 Unspecified vulnerability in Hashicorp Go-Getter
go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses.
network
low complexity
hashicorp
8.6
8.6
2022-05-25 CVE-2022-30323 Unspecified vulnerability in Hashicorp Go-Getter
go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files.
network
low complexity
hashicorp
8.6
8.6