
cpe:2.3:a:hashicorp:shared_library:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Hashicorp (dc524c16-6a01-528e-a41c-9d3e02e5e4a3)
Product: Shared Library (7ae55343-4733-5caa-9e83-4810cc8d43dc)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2026-8052 vulnerable 2026-06-03 15:27:57.578169 Nomad's exec2 task driver vulnerable to arbitrary file read/write on client host through symlink attack
MEDIUM (6)
HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability (CVE-2026-8052) is fixed in version 0.1.2 of the exec2 task driver.
Published: 2026-05-12T19:09:15.248Z
Updated: 2026-05-12T20:22:44.939Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-0969 vulnerable 2026-06-03 15:14:43.303893 Arbitrary code execution in React server-side rendering of untrusted MDX content
HIGH (8.8)
The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content. This vulnerability, CVE-2026-0969, is fixed in next-mdx-remote 6.0.0.
Published: 2026-02-12T01:35:06.231Z
Updated: 2026-04-17T17:57:55.801Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-8959 vulnerable 2026-06-03 15:13:45.168771 HashiCorp go-getter Vulnerable to Arbitrary Read through Symlink Attack
HIGH (7.5)
HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9.
Published: 2025-08-15T20:32:52.335Z
Updated: 2025-08-15T20:46:06.131Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-0377 vulnerable 2026-06-03 14:58:32.153977 HashiCorp go-slug Vulnerable to Zip Slip Attack
HIGH (7.5)
HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry.
Published: 2025-01-21T15:23:53.104Z
Updated: 2025-02-12T20:41:20.897Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-6257 vulnerable 2026-06-03 14:58:02.409972 HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation
HIGH (8.4)
HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution.
Published: 2024-06-25T16:31:03.882Z
Updated: 2024-08-01T21:33:05.245Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-6104 vulnerable 2026-06-03 14:58:01.871941 go-retryablehttp can leak basic auth credentials to log files
MEDIUM (6)
go-retryablehttp prior to 0.7.7 did not sanitize URLs when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.
Published: 2024-06-24T17:06:21.150Z
Updated: 2024-08-01T21:33:04.395Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-3817 vulnerable 2026-06-03 14:56:32.106275 HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches
CRITICAL (9.8)
HashiCorp’s go-getter library is vulnerable to argument injection when executing Git to discover remote branches. This vulnerability does not affect the go-getter/v2 branch and package.
Published: 2024-04-17T19:37:25.878Z
Updated: 2024-08-01T20:20:01.607Z
Imported from gcve-enriched-dumps CVE data
