We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
In GitHub Security Advisory GHSA-h626-pv66-hhm7, there is a vulnerability in the following Go packages or modules:
Cross references:
See doc/triage.md for instructions on how to triage this report.
modules: - module: github.com/hashicorp/terraform versions: - introduced: 1.0.8 fixed: 1.5.7 vulnerable_at: 1.5.6 packages: - package: github.com/hashicorp/terraform summary: Terraform allows arbitrary file write during the `init` operation description: |- Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the `init` operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7. cves: - CVE-2023-4782 ghsas: - GHSA-h626-pv66-hhm7 references: - web: https://nvd.nist.gov/vuln/detail/CVE-2023-4782 - web: https://discuss.hashicorp.com/t/hcsec-2023-27-terraform-allows-arbitrary-file-write-during-init-operation/58082 - fix: https://github.com/hashicorp/terraform/pull/33745 - fix: https://github.com/hashicorp/terraform/commit/0f2314fb62193c4be94328cc026fcb7ec1e9b893 - web: https://github.com/hashicorp/terraform/releases/tag/v1.5.7 - advisory: https://github.com/advisories/GHSA-h626-pv66-hhm7
The text was updated successfully, but these errors were encountered:
Change https://go.dev/cl/527176 mentions this issue: data/excluded: batch add 14 excluded reports
data/excluded: batch add 14 excluded reports
Sorry, something went wrong.
74276ae
Change https://go.dev/cl/592762 mentions this issue: data/reports: unexclude 75 reports
data/reports: unexclude 75 reports
Change https://go.dev/cl/606791 mentions this issue: data/reports: unexclude 20 reports (11)
data/reports: unexclude 20 reports (11)
36a46d8
- data/reports/GO-2023-2051.yaml - data/reports/GO-2023-2053.yaml - data/reports/GO-2023-2055.yaml - data/reports/GO-2023-2063.yaml - data/reports/GO-2023-2065.yaml - data/reports/GO-2023-2066.yaml - data/reports/GO-2023-2067.yaml - data/reports/GO-2023-2068.yaml - data/reports/GO-2023-2069.yaml - data/reports/GO-2023-2070.yaml - data/reports/GO-2023-2071.yaml - data/reports/GO-2023-2072.yaml - data/reports/GO-2023-2073.yaml - data/reports/GO-2023-2075.yaml - data/reports/GO-2023-2078.yaml - data/reports/GO-2023-2079.yaml - data/reports/GO-2023-2080.yaml - data/reports/GO-2023-2084.yaml - data/reports/GO-2023-2085.yaml - data/reports/GO-2023-2088.yaml Updates #2051 Updates #2053 Updates #2055 Updates #2063 Updates #2065 Updates #2066 Updates #2067 Updates #2068 Updates #2069 Updates #2070 Updates #2071 Updates #2072 Updates #2073 Updates #2075 Updates #2078 Updates #2079 Updates #2080 Updates #2084 Updates #2085 Updates #2088 Change-Id: I0103dfe39411ae2cf3d74933349260db7dc3496b Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606791 Commit-Queue: Tatiana Bradley <tatianabradley@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
timothy-king
No branches or pull requests
In GitHub Security Advisory GHSA-h626-pv66-hhm7, there is a vulnerability in the following Go packages or modules:
Cross references:
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: