CVE-2024-3817
Published: 17 April 2024
HashiCorp’s go-getter library is vulnerable to argument injection when executing Git to discover remote branches. This vulnerability does not affect the go-getter/v2 branch and package.
Priority
Status
Package | Release | Status |
---|---|---|
golang-github-hashicorp-go-getter Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Needs triage
|
|
jammy |
Needs triage
|
|
mantic |
Needs triage
|
|
noble |
Needs triage
|
|
upstream |
Needs triage
|
|
golang-github-jesseduffield-go-getter Launchpad, Ubuntu, Debian |
focal |
Needs triage
|
jammy |
Needs triage
|
|
mantic |
Needs triage
|
|
noble |
Needs triage
|
|
upstream |
Needs triage
|