Vulnerability Description
go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hashicorp | Go-Getter | <= 1.5.11 |
References
- https://discuss.hashicorp.comVendor Advisory
- https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getMitigationVendor Advisory
- https://discuss.hashicorp.comVendor Advisory
- https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getMitigationVendor Advisory
FAQ
What is CVE-2022-26945?
CVE-2022-26945 is a vulnerability with a CVSS score of 9.8 (CRITICAL). go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0.
How severe is CVE-2022-26945?
CVE-2022-26945 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-26945?
Check the references section above for vendor advisories and patch information. Affected products include: Hashicorp Go-Getter.