Hashicorp Shared Library
7 CVEs affecting Hashicorp Shared Library. Latest disclosed: 2026-05-12. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-3817 | Critical | 9.8 | 2024-04-17 | HashiCorp’s go-getter library is vulnerable to argument injection when executing Git to discover remote branches. This vulnerability does not affect the go-g… |
CVE-2026-0969 | High | 8.8 | 2026-02-12 | The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content. This v… |
CVE-2024-6257 | High | 8.4 | 2024-06-25 | HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary… |
CVE-2025-8959 | High | 7.5 | 2025-08-15 | HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated director… |
CVE-2025-0377 | High | 7.5 | 2025-01-21 | HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. |
CVE-2026-8052 | Medium | 6.0 | 2026-05-12 | HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlin… |
CVE-2024-6104 | Medium | 6.0 | 2024-06-24 | go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth… |