CVE-2024-6257

Опубликовано: 25 июн. 2024

Источник: debian

EPSS Низкий

Описание

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution.

Пакеты

Пакет	Статус	Релиз	Тип
golang-github-hashicorp-go-getter	unfixed		package
golang-github-hashicorp-go-getter	no-dsa	bookworm	package
golang-github-hashicorp-go-getter	no-dsa	bullseye	package

Примечания

https://discuss.hashicorp.com/t/hcsec-2024-13-hashicorp-go-getter-vulnerable-to-code-execution-on-git-update-via-git-config-manipulation/68081

EPSS

Процентиль: 28%

0.00095

Низкий

Связанные уязвимости

CVE-2024-6257

CVSS3: 8.4

ubuntu

около 1 года назад

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution.

CVE-2024-6257

CVSS3: 7.7

redhat

около 1 года назад

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution.

CVE-2024-6257

CVSS3: 8.4

nvd

около 1 года назад

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution.

CVE-2024-6257

CVSS3: 8.4

msrc

11 месяцев назад

Описание отсутствует

ROS-20240902-13

CVSS3: 8.4

redos

10 месяцев назад

Уязвимость terraform

EPSS

Процентиль: 28%

0.00095

Низкий