go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and 2.1.0.
{ "binaries": [ { "binary_name": "golang-github-hashicorp-go-getter-dev", "binary_version": "0.0~git20160316.0.575ec4e-1" } ] }
{ "binaries": [ { "binary_name": "golang-github-hashicorp-go-getter-dev", "binary_version": "1.4.1-1" } ] }
{ "binaries": [ { "binary_name": "golang-github-jesseduffield-go-getter-dev", "binary_version": "0.0~git20180822.906e156-3" } ] }
{ "binaries": [ { "binary_name": "golang-github-jesseduffield-go-getter-dev", "binary_version": "0.0~git20180822.906e156-4" } ] }
{ "binaries": [ { "binary_name": "golang-github-jesseduffield-go-getter-dev", "binary_version": "0.0~git20180822.906e156-5" } ] }