CVE-2024-3817
Published: 17 April 2024
HashiCorp’s go-getter library is vulnerable to argument injection when executing Git to discover remote branches. This vulnerability does not affect the go-getter/v2 branch and package.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
golang-github-hashicorp-go-getter Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| jammy |
Needs triage
|
|
| mantic |
Needs triage
|
|
| noble |
Needs triage
|
|
| upstream |
Needs triage
|
|
|
golang-github-jesseduffield-go-getter Launchpad, Ubuntu, Debian |
focal |
Needs triage
|
| jammy |
Needs triage
|
|
| mantic |
Needs triage
|
|
| noble |
Needs triage
|
|
| upstream |
Needs triage
|