CVE-2022-30323

go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0.

Affected Software

Name	Vendor	Start Version	End Version
Go-getter	Hashicorp	*	1.5.11 (including)
Go-getter	Hashicorp	2.0.2 (including)	2.0.2 (including)
Red Hat OpenShift Container Platform 4.10	RedHat	openshift4/ose-baremetal-rhel8-operator:v4.10.0-202208182025.p0.g97ce15e.assembly.stream	*
Red Hat OpenShift Container Platform 4.10	RedHat	openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202208260945.p0.g23614bb.assembly.stream	*
Red Hat OpenShift Container Platform 4.10	RedHat	openshift4/ose-baremetal-machine-controllers:v4.10.0-202209301647.p0.gadff401.assembly.stream	*
Red Hat OpenShift Container Platform 4.10	RedHat	openshift4/ose-installer:v4.10.0-202210250219.p0.g1ffe666.assembly.stream	*
Red Hat OpenShift Container Platform 4.11	RedHat	openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream	*
Red Hat OpenShift Container Platform 4.11	RedHat	openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream	*
Red Hat OpenShift Container Platform 4.11	RedHat	openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream	*
Red Hat OpenShift Container Platform 4.11	RedHat	openshift4/ose-installer:v4.11.0-202210250857.p0.g9d1e216.assembly.stream	*
Red Hat OpenShift Container Platform 4.8	RedHat	openshift4/ose-baremetal-rhel8-operator:v4.8.0-202208241844.p0.g5492cf5.assembly.stream	*
Red Hat OpenShift Container Platform 4.8	RedHat	openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202209291426.p0.g117d47a.assembly.stream	*
Red Hat OpenShift Container Platform 4.8	RedHat	openshift4/ose-baremetal-machine-controllers:v4.8.0-202211031007.p0.g2dabef7.assembly.stream	*
Red Hat OpenShift Container Platform 4.9	RedHat	openshift4/ose-baremetal-rhel8-operator:v4.9.0-202208231335.p0.g4e7605b.assembly.stream	*
Red Hat OpenShift Container Platform 4.9	RedHat	openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202210061647.p0.g1a49892.assembly.stream	*
Red Hat OpenShift Container Platform 4.9	RedHat	openshift4/ose-baremetal-machine-controllers:v4.9.0-202210241459.p0.g41aa1f7.assembly.stream	*
Red Hat OpenShift Container Platform 4.9	RedHat	openshift4/ose-installer:v4.9.0-202212060115.p0.gf079984.assembly.stream	*
Red Hat OpenStack Platform 16.2	RedHat	rhosp-rhel8-tech-preview/osp-director-downloader:1.2.3-3	*
Red Hat OpenStack Platform 16.2	RedHat	rhosp-rhel8-tech-preview/osp-director-operator:1.2.3-3	*
Golang-github-hashicorp-go-getter	Ubuntu	bionic	*
Golang-github-hashicorp-go-getter	Ubuntu	esm-apps/bionic	*
Golang-github-hashicorp-go-getter	Ubuntu	esm-apps/focal	*
Golang-github-hashicorp-go-getter	Ubuntu	esm-apps/jammy	*
Golang-github-hashicorp-go-getter	Ubuntu	esm-apps/noble	*
Golang-github-hashicorp-go-getter	Ubuntu	focal	*
Golang-github-hashicorp-go-getter	Ubuntu	impish	*
Golang-github-hashicorp-go-getter	Ubuntu	jammy	*
Golang-github-hashicorp-go-getter	Ubuntu	kinetic	*
Golang-github-hashicorp-go-getter	Ubuntu	lunar	*
Golang-github-hashicorp-go-getter	Ubuntu	mantic	*
Golang-github-hashicorp-go-getter	Ubuntu	noble	*
Golang-github-hashicorp-go-getter	Ubuntu	oracular	*
Golang-github-hashicorp-go-getter	Ubuntu	plucky	*
Golang-github-hashicorp-go-getter	Ubuntu	questing	*
Golang-github-hashicorp-go-getter	Ubuntu	upstream	*
Golang-github-jesseduffield-go-getter	Ubuntu	esm-apps/focal	*
Golang-github-jesseduffield-go-getter	Ubuntu	esm-apps/jammy	*
Golang-github-jesseduffield-go-getter	Ubuntu	esm-apps/noble	*
Golang-github-jesseduffield-go-getter	Ubuntu	focal	*
Golang-github-jesseduffield-go-getter	Ubuntu	jammy	*
Golang-github-jesseduffield-go-getter	Ubuntu	mantic	*
Golang-github-jesseduffield-go-getter	Ubuntu	noble	*
Golang-github-jesseduffield-go-getter	Ubuntu	oracular	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-30323
CWE	https://cwe.mitre.org/data/definitions/.html

Affected Software

References