/
DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2024-6257

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-6257

CGA ID

CGA-gfpc-w452-j2h8

Severity

8.4

High

CVSS V3

Description

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution.

References

  • https://images.chainguard.dev/security/CGA-gfpc-w452-j2h8
  • https://github.com/advisories/GHSA-xfhp-jf8p-mh5w
  • https://discuss.hashicorp.com/t/hcsec-2024-13-hashicorp-go-getter-vulnerable-to-code-execution-on-git-update-via-git-config-manipulation/68081
  • https://security-tracker.debian.org/tracker/CVE-2024-6257

Affected packages

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images

Why Chainguard

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customers

Customer StoriesChainguard Love

Company

About UsPricingOpen SourceCareersNewsroomLegal

Resources

Unchained BlogEventsTrust CenterDocumentation