CVE-2023-4782

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-4782
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4782.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-4782
Aliases
Published
2023-09-08T18:15:07.707Z
Modified
2026-03-14T12:10:57.738607Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7.

References

Affected packages

Git / github.com/hashicorp/terraform

Affected ranges

Type
GIT
Repo
https://github.com/hashicorp/terraform
Events
Introduced
f5e8851e5e81493a759b4e313e7d8738cc9968e2
Fixed
ee58ac1851c8a433005df9863ed47796a9f6b5e7
Database specific 
{
    "versions": [
        {
            "introduced": "1.0.8"
        },
        {
            "fixed": "1.5.7"
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4782.json"