DirectorySecurity AdvisoriesPricing
/
Sign in
Security Advisories

CVE-2024-6257

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-6257

Severity

8.8

High

CVSS V3

Description

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution.

References

  • https://nvd.nist.gov/vuln/detail/CVE-2024-6257
  • https://github.com/advisories/GHSA-xfhp-jf8p-mh5w
  • https://pkg.go.dev/vuln/GO-2024-2948
  • https://discuss.hashicorp.com/t/hcsec-2024-13-hashicorp-go-getter-vulnerable-to-code-execution-on-git-update-via-git-config-manipulation/68081

Affected packages

The trusted source for open source

Talk to an expert
© 2025 Chainguard. All Rights Reserved.
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSCMMC 2.0Golden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsSupply Chain Security 101Chainguard CoursesDocumentationTrust CenterChainguard Slack Community

Company

About UsBlogPartnersNewsroomCareersLegal