CVE-2022-30322

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-30322
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-30322.json
Aliases
Published
2022-05-25T12:15:08Z
Modified
2024-03-15T00:05:25.226817Z
Details

go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and 2.1.0.

References

Affected packages

Git / github.com/hashicorp/go-getter

Affected ranges

Type
GIT
Repo
https://github.com/hashicorp/go-getter
Events
Introduced
0The exact introduced commit is unknown
Last affected
4e45866a5873686490865880dabbd4737215caf1

Affected versions

cmd/go-getter/v2.*

cmd/go-getter/v2.0.2

gcs/v2.*

gcs/v2.0.2

s3/v2.*

s3/v2.0.2

v1.*

v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.1.0
v1.2.0
v1.3.0
v1.4.0
v1.4.1

v2.*

v2.0.0
v2.0.1
v2.0.2