Sign In

CVE-2024-3817

ADVISORY - github

Summary

When go-getter is performing a Git operation, go-getter will try to clone the given repository. If a Git reference is not passed along with the Git url, go-getter will then try to check the remote repository’s HEAD reference of its default branch by passing arguments to the Git binary on the host it is executing on.

An attacker may format a Git URL in order to inject additional Git arguments to the Git call.

Consumers of the go-getter library should evaluate the risk associated with these issues in the context of their go-getter usage and upgrade go-getter to 1.7.4 or later.

EPSS Score: 0.02132 (0.841)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

ADVISORY - github

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in