HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: HashiCorp

Published: 2024-06-25T16:31:03.882Z

Updated: 2024-08-01T21:33:05.245Z

Reserved: 2024-06-21T20:12:09.424Z

Link: CVE-2024-6257

cve-icon Vulnrichment

Updated: 2024-08-01T21:33:05.245Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-06-25T17:15:10.827

Modified: 2024-11-21T09:49:17.460

Link: CVE-2024-6257

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-06-25T00:00:00Z

Links: CVE-2024-6257 - Bugzilla