internal/genericosv/testdata/yaml/GHSA-28r2-q6m8-9hpx.yaml - vulndb - Git at Google

 id: GO-TEST-ID
 modules:
     - module: github.com/hashicorp/go-getter
       versions:
         - fixed: 1.6.1
       vulnerable_at: 1.6.0
     - module: github.com/hashicorp/go-getter/gcs/v2
       versions:
         - fixed: 2.1.0
       vulnerable_at: 2.0.2
     - module: github.com/hashicorp/go-getter/s3/v2
       versions:
         - fixed: 2.1.0
       vulnerable_at: 2.0.2
     - module: github.com/hashicorp/go-getter/v2
       versions:
         - introduced: 2.0.0
           fixed: 2.1.0
       vulnerable_at: 2.0.2
 summary: |-
     HashiCorp go-getter unsafe downloads could lead to asymmetric resource
     exhaustion in github.com/hashicorp/go-getter
 description: |-
     HashiCorp go-getter through 2.0.2 does not safely perform downloads. Asymmetric
     resource exhaustion could occur when go-getter processed malicious HTTP
     responses.
 cves:
     - CVE-2022-30323
 ghsas:
     - GHSA-28r2-q6m8-9hpx
 references:
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-30323
     - fix: https://github.com/hashicorp/go-getter/pull/359
     - fix: https://github.com/hashicorp/go-getter/pull/361
     - fix: https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48
     - fix: https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45
     - web: https://discuss.hashicorp.com
     - web: https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/
     - web: https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930
     - web: https://github.com/hashicorp/go-getter/releases
 source:
     id: GHSA-28r2-q6m8-9hpx
	id: GO-TEST-ID
	modules:
	- module: github.com/hashicorp/go-getter
	versions:
	- fixed: 1.6.1
	vulnerable_at: 1.6.0
	- module: github.com/hashicorp/go-getter/gcs/v2
	versions:
	- fixed: 2.1.0
	vulnerable_at: 2.0.2
	- module: github.com/hashicorp/go-getter/s3/v2
	versions:
	- fixed: 2.1.0
	vulnerable_at: 2.0.2
	- module: github.com/hashicorp/go-getter/v2
	versions:
	- introduced: 2.0.0
	fixed: 2.1.0
	vulnerable_at: 2.0.2
	summary: \|-
	HashiCorp go-getter unsafe downloads could lead to asymmetric resource
	exhaustion in github.com/hashicorp/go-getter
	description: \|-
	HashiCorp go-getter through 2.0.2 does not safely perform downloads. Asymmetric
	resource exhaustion could occur when go-getter processed malicious HTTP
	responses.
	cves:
	- CVE-2022-30323
	ghsas:
	- GHSA-28r2-q6m8-9hpx
	references:
	- advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-30323
	- fix: https://github.com/hashicorp/go-getter/pull/359
	- fix: https://github.com/hashicorp/go-getter/pull/361
	- fix: https://github.com/hashicorp/go-getter/commit/38e97387488f5439616be60874979433a12edb48
	- fix: https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45
	- web: https://discuss.hashicorp.com
	- web: https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/
	- web: https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930
	- web: https://github.com/hashicorp/go-getter/releases
	source:
	id: GHSA-28r2-q6m8-9hpx