CVE-2023-0475 MEDIUM

CVE-2023-0475: Go-Getter Vulnerable to Decompression Bombs

Vendor Hashicorp

Product go-getter

Weakness CWE-409

Published February 16, 2023

Last update March 18, 2025

CVSS base score

4.2/10

Attack vector Local

Attack complexity Low

Privileges required High

User interaction Required

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0.

Key dates

February 16, 2023 CVE published

March 18, 2025 Record updated

External resources

Related vulnerabilities

CVE CVE-2023-0475

CWE CWE-409

CVSS 4.2 / MEDIUM

Vendor Hashicorp

Product go-getter

Affected ≤ 1.6.2

Vendor Hashicorp

Product go-getter

Affected ≤ 2.1.1