HashiCorp go-getter Symlink Attack Vulnerability Leading to Unauthorized Read Access

Vulnerability

A vulnerability in HashiCorp's go-getter library, affecting versions prior to 1.7.8, allows symlink attacks that could result in unauthorized read access beyond specified directory boundaries. This issue arises when symbolic links in the source repository are followed during the extraction process, enabling access to unintended areas of the filesystem.

Impact

Exploitation of this vulnerability could lead to arbitrary file read access outside the intended directory boundaries, potentially exposing sensitive information.

Remediation

Users of the go-getter library should upgrade to version 1.7.9 or later. The latest releases can be found on the HashiCorp go-getter GitHub releases page.
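As a check that can run alongside the upgrade, the following added example (not code from go-getter or from this advisory) scans an already-fetched directory for symbolic links that resolve outside it, which is the condition the Vulnerability section describes. The helper name FindEscapingSymlinks and the symcheck command name are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

// FindEscapingSymlinks is a hypothetical helper (not a go-getter API). It returns
// the root-relative paths of symlinks under root that resolve outside root.
func FindEscapingSymlinks(root string) ([]string, error) {
	realRoot, err := filepath.EvalSymlinks(root) // canonical form of the boundary
	if err != nil {
		return nil, err
	}
	var escaping []string
	// WalkDir does not follow symlinks, so the scan itself cannot leave realRoot.
	err = filepath.WalkDir(realRoot, func(p string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil {
			return walkErr
		}
		if d.Type()&fs.ModeSymlink == 0 {
			return nil // regular file or directory
		}
		rel, _ := filepath.Rel(realRoot, p)
		target, err := filepath.EvalSymlinks(p) // resolves chained links too
		if err != nil {
			escaping = append(escaping, rel) // dangling or looping link: fail closed
			return nil
		}
		in, err := filepath.Rel(realRoot, target)
		if err != nil || in == ".." || strings.HasPrefix(in, ".."+string(filepath.Separator)) {
			escaping = append(escaping, rel)
		}
		return nil
	})
	return escaping, err
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: symcheck <fetched-dir>")
		os.Exit(2)
	}
	if found, err := FindEscapingSymlinks(os.Args[1]); err != nil || len(found) > 0 {
		fmt.Fprintln(os.Stderr, "unsafe symlinks:", found, err)
		os.Exit(1)
	}
}
```

A non-zero exit means the fetched tree should not be read or copied by anything that follows links.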

Added: Aug 15, 2025, 9:16 PM
Updated: Aug 15, 2025, 9:16 PM

Vulnerability Rating

Custom Algorithm

spread: 4.2
impact: 0.6
exploitability: 4.4
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.