CVE-2023-0475

Опубликовано: 16 фев. 2023

Источник: debian

EPSS Низкий

Описание

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0.

Пакет	Статус	Релиз	Тип
golang-github-hashicorp-go-getter	removed		package
golang-github-hashicorp-go-getter	ignored	bookworm	package
golang-github-hashicorp-go-getter	no-dsa	bullseye	package
golang-github-hashicorp-go-getter	postponed	buster	package

https://discuss.hashicorp.com/t/hcsec-2023-4-go-getter-vulnerable-to-denial-of-service-via-malicious-compressed-archive/50125

EPSS

Процентиль: 23%

0.00078

Низкий

CVE-2023-0475

CVSS3: 4.2

ubuntu

почти 3 года назад

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0.

CVE-2023-0475

CVSS3: 4.2

redhat

почти 3 года назад

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0.

CVE-2023-0475

CVSS3: 4.2

nvd

почти 3 года назад

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0.

CVE-2023-0475

CVSS3: 6.5

msrc

около 1 года назад

Описание отсутствует

GHSA-jpxj-2jvg-6jv9

CVSS3: 4.2

github

почти 3 года назад

Data Amplification in HashiCorp go-getter

EPSS

Процентиль: 23%

0.00078

Низкий