GCVE - cpe:2.3:a:hashicorp:go-getter:2.0.2:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:hashicorp:go-getter:2.0.2:*:*:*:*:*:*:*

part: a version: 2.0.2 update: *

Vendor	Hashicorp (`dc524c16-6a01-528e-a41c-9d3e02e5e4a3`)
Product	Go Getter (`b685d6ca-3af6-5195-94cd-38a699db4f50`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/golang-github-hashicorp-go-getter`	purl2cpe	2026-06-01 10:14:57.112488
`pkg:deb/ubuntu/golang-github-hashicorp-go-getter`	purl2cpe	2026-06-01 10:14:57.112489
`pkg:github/hashicorp/go-getter`	purl2cpe	2026-06-01 10:14:57.112491

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-30323`	vulnerable	2026-06-03 14:47:08.603220	Details available go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0. Published: 2022-05-25T11:19:30.000Z Updated: 2024-08-03T06:48:35.599Z Open on db.gcve.eu Reference links https://discuss.hashicorp.com https://github.com/hashicorp/go-getter/releases https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-30322`	vulnerable	2026-06-03 14:47:08.602843	Details available go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and 2.1.0. Published: 2022-05-25T11:19:35.000Z Updated: 2024-08-03T06:48:35.602Z Open on db.gcve.eu Reference links https://discuss.hashicorp.com https://github.com/hashicorp/go-getter/releases https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-30321`	vulnerable	2026-06-03 14:47:08.602386	Details available go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. Fixed in 1.6.1 and 2.1.0. Published: 2022-05-25T11:19:42.000Z Updated: 2024-08-03T06:48:35.687Z Open on db.gcve.eu Reference links https://discuss.hashicorp.com https://github.com/hashicorp/go-getter/releases https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-26945`	vulnerable	2026-06-03 14:46:45.423333	Details available go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0. Published: 2022-05-25T11:19:48.000Z Updated: 2024-08-03T05:18:38.351Z Open on db.gcve.eu Reference links https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.