Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-0475

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0.

Published

2023-02-16T19:15:13.867

Last Modified

2024-11-21T07:37:15.350

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.2 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-409
  • Type: Primary
    NVD-CWE-Other
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application hashicorp go-getter ≤ 1.6.2 Yes
Application hashicorp go-getter 2.1.1 Yes
References