HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Go-getter |
Hashicorp |
* |
1.6.2 (including) |
Go-getter |
Hashicorp |
2.1.1 (including) |
2.1.1 (including) |
References