CVE-2022-30323

Published: May 24, 2022
Source: redhat
CVSS3: 8.6
EPSS: Low

Description

go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0.

A flaw was found in go-getter. Several vulnerabilities were identified in how go-getter processes HTTP responses, response headers, and password-protected ZIP files. This flaw allows an attacker to bypass certain configuration settings and may lead to a denial of service.

Mitigation

The fix includes new configuration options to help limit the security exposure and have more secure defaults.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/agent-service-rhel8 | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/cluster-curator-controller-rhel8 | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/clusterlifecycle-state-metrics-rhel8 | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/managedcluster-import-controller-rhel8 | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/multicloud-manager-rhel8 | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/multiclusterhub-rhel8 | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/multicluster-operators-application-rhel8 | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/search-aggregator-rhel8 | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/subctl-rhel9 | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/submariner-rhel8-operator | Not affected | | |

Additional information

Status: Important
Defect: CWE-229
https://bugzilla.redhat.com/show_bug.cgi?id=2092925 go-getter: unsafe download (issue 3 of 3)

EPSS: 0.00255 (Low)
Percentile: 49%

CVSS3: 8.6 High

Related vulnerabilities

CVSS3: 8.6
ubuntu
about 3 years ago

go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0.

CVSS3: 8.6
nvd
about 3 years ago

go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0.

CVSS3: 8.6
debian
about 3 years ago

go-getter up to 1.5.11 and 2.0.2 panicked when processing password-pro ...

CVSS3: 8.6
github
about 3 years ago

HashiCorp go-getter unsafe downloads could lead to asymmetric resource exhaustion
