CVE-2022-26945: Improper Neutralization of Special Elements used in a Command ('Command Injection')

May 26, 2022 (updated June 1, 2022)

HashiCorp go-getter before 2.0.2 allows Command Injection.

References

discuss.hashicorp.com/
discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930
github.com/advisories/GHSA-x24g-9w7v-vprh
nvd.nist.gov/vuln/detail/CVE-2022-26945

Detect and mitigate CVE-2022-26945 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →