Vulnerability Details CVE-2024-6257
HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.7%
CVSS Severity
CVSS v3 Score 8.4
References
Products affected by CVE-2024-6257
-
cpe:2.3:a:hashicorp:go-getter:-
-
cpe:2.3:a:hashicorp:go-getter:1.0.0
-
cpe:2.3:a:hashicorp:go-getter:1.0.1
-
cpe:2.3:a:hashicorp:go-getter:1.0.2
-
cpe:2.3:a:hashicorp:go-getter:1.0.3
-
cpe:2.3:a:hashicorp:go-getter:1.1.0
-
cpe:2.3:a:hashicorp:go-getter:1.2.0
-
cpe:2.3:a:hashicorp:go-getter:1.3.0
-
cpe:2.3:a:hashicorp:go-getter:1.4.0
-
cpe:2.3:a:hashicorp:go-getter:1.4.1
-
cpe:2.3:a:hashicorp:go-getter:1.4.2
-
cpe:2.3:a:hashicorp:go-getter:1.5.0
-
cpe:2.3:a:hashicorp:go-getter:1.5.1
-
cpe:2.3:a:hashicorp:go-getter:1.5.10
-
cpe:2.3:a:hashicorp:go-getter:1.5.11
-
cpe:2.3:a:hashicorp:go-getter:1.5.2
-
cpe:2.3:a:hashicorp:go-getter:1.5.3
-
cpe:2.3:a:hashicorp:go-getter:1.5.4
-
cpe:2.3:a:hashicorp:go-getter:1.5.5
-
cpe:2.3:a:hashicorp:go-getter:1.5.6
-
cpe:2.3:a:hashicorp:go-getter:1.5.7
-
cpe:2.3:a:hashicorp:go-getter:1.5.8
-
cpe:2.3:a:hashicorp:go-getter:1.5.9
-
cpe:2.3:a:hashicorp:go-getter:1.6.0
-
cpe:2.3:a:hashicorp:go-getter:1.6.1
-
cpe:2.3:a:hashicorp:go-getter:1.6.2
-
cpe:2.3:a:hashicorp:go-getter:1.7.0
-
cpe:2.3:a:hashicorp:go-getter:1.7.1
-
cpe:2.3:a:hashicorp:go-getter:1.7.2
-
cpe:2.3:a:hashicorp:go-getter:1.7.3
-
cpe:2.3:a:hashicorp:go-getter:1.7.4