CVE-2023-4782

Terraform allows arbitrary file write during the `init` operation in go/github.com/hashicorp/terraform

Identifiers

GHSA-h626-pv66-hhm7, CVE-2023-4782

Package Slug

go/github.com/hashicorp/terraform

Vulnerability

Terraform allows arbitrary file write during the init operation

Description

Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7.

Affected Versions

All versions starting from 1.0.8 before 1.5.7

Solution

Upgrade to version 1.5.7 or above.

Last Modified

2023-09-11

source