CVE-2024-6257

Опубликовано: 25 июн. 2024

Источник: debian

Описание

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution.

Пакеты

Пакет	Статус	Релиз	Тип
golang-github-hashicorp-go-getter	unfixed		package
golang-github-hashicorp-go-getter	no-dsa	bookworm	package
golang-github-hashicorp-go-getter	no-dsa	bullseye	package

Примечания

https://discuss.hashicorp.com/t/hcsec-2024-13-hashicorp-go-getter-vulnerable-to-code-execution-on-git-update-via-git-config-manipulation/68081

Связанные уязвимости

CVE-2024-6257

CVSS3: 8.4

ubuntu

больше 1 года назад

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution.

CVE-2024-6257

CVSS3: 7.7

redhat

больше 1 года назад

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution.

CVE-2024-6257

CVSS3: 8.4

nvd

больше 1 года назад

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution.

CVE-2024-6257

CVSS3: 8.4

msrc

больше 1 года назад

HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation

ROS-20240902-13

CVSS3: 8.4

redos

около 1 года назад

Уязвимость terraform