data/reports/GO-2022-0438.yaml - vulndb - Git at Google

 modules:
   - module: github.com/hashicorp/go-getter
     versions:
       - fixed: 1.5.11
     vulnerable_at: 1.5.10
     packages:
       - package: github.com/hashicorp/go-getter
         symbols:
           - RedactURL
         derived_symbols:
           - Client.ChecksumFromFile
           - Client.Get
           - FolderStorage.Get
           - Get
           - GetAny
           - GetFile
           - HttpGetter.Get
 description: |
     The getter package can write SSH credentials to its logfile,
     exposing credentials to local users able to read the logfile.
 published: 2022-07-01T20:07:52Z
 cves:
   - CVE-2022-29810
 ghsas:
   - GHSA-27rq-4943-qcwp
 references:
   - fix: https://github.com/hashicorp/go-getter/pull/348
   - fix: https://github.com/hashicorp/go-getter/commit/36b68b2f68a3ed10ee7ecbb0cb9f6b1dc5da49cc
   - web: https://github.com/hashicorp/go-getter/releases/tag/v1.5.11
	modules:
	- module: github.com/hashicorp/go-getter
	versions:
	- fixed: 1.5.11
	vulnerable_at: 1.5.10
	packages:
	- package: github.com/hashicorp/go-getter
	symbols:
	- RedactURL
	derived_symbols:
	- Client.ChecksumFromFile
	- Client.Get
	- FolderStorage.Get
	- Get
	- GetAny
	- GetFile
	- HttpGetter.Get
	description: \|
	The getter package can write SSH credentials to its logfile,
	exposing credentials to local users able to read the logfile.
	published: 2022-07-01T20:07:52Z
	cves:
	- CVE-2022-29810
	ghsas:
	- GHSA-27rq-4943-qcwp
	references:
	- fix: https://github.com/hashicorp/go-getter/pull/348
	- fix: https://github.com/hashicorp/go-getter/commit/36b68b2f68a3ed10ee7ecbb0cb9f6b1dc5da49cc
	- web: https://github.com/hashicorp/go-getter/releases/tag/v1.5.11