Hide Forgot
HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 1 of 3). References: https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter/releases
Created golang-github-yujunz-getter tracking bugs for this issue: Affects: fedora-all [bug 2092922]
What's the point of the three duplicate issues[1]? Is there something that I'm missing here? [1]: https://bugzilla.redhat.com/show_bug.cgi?id=2092918 https://bugzilla.redhat.com/show_bug.cgi?id=2092923 https://bugzilla.redhat.com/show_bug.cgi?id=2092925
(In reply to Maxwell G from comment #5) > What's the point of the three duplicate issues[1]? Is there something that > I'm missing here? > > [1]: https://bugzilla.redhat.com/show_bug.cgi?id=2092918 > https://bugzilla.redhat.com/show_bug.cgi?id=2092923 > https://bugzilla.redhat.com/show_bug.cgi?id=2092925 Ah, I guess there are three different CVEs surrounding unsafe downloads. I did not look closely at the CVE numbers. Feel free to disregard this.
This issue has been addressed in the following products: Red Hat OpenStack Platform 16.2 Via RHSA-2022:5673 https://access.redhat.com/errata/RHSA-2022:5673