GHSA-47xw-vw6m-w9fq

Source
https://github.com/advisories/GHSA-47xw-vw6m-w9fq
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-47xw-vw6m-w9fq/GHSA-47xw-vw6m-w9fq.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-47xw-vw6m-w9fq
Aliases
Published
2023-10-28T00:30:31Z
Modified
2023-11-08T04:13:48.241375Z
Severity
  • 3.8 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Summary
HashiCorp Vagrant Insecure Operation on Windows Junction / Mount Point vulnerability
Details

HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.

Database specific
{
    "nvd_published_at": "2023-10-27T22:15:09Z",
    "cwe_ids": [
        "CWE-1386",
        "CWE-59"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-31T21:35:21Z"
}
References

Affected packages

Go / github.com/hashicorp/vagrant

Package

Name
github.com/hashicorp/vagrant
Purl
pkg:golang/github.com/hashicorp/vagrant

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.4.0