CNNVD-202508-1878 Information

CNNVD ID

CNNVD-202508-1878

Related CVE

CVE-2025-8959

• CNNVD Published: 2025-08-15

Description (Chinese)

HashiCorp go-getter是美国HashiCorp公司的Go (golang) 的一个库，用于使用 URL 作为主要输入形式从各种来源下载文件或目录。 HashiCorp go-getter 1.7.9之前版本存在安全漏洞，该漏洞源于符号链接攻击，可能导致未经授权的读取访问。

Description (English)

HashiCorp go-getter is a library of Go (golang) of the United States company HashiCorp used to download files or directories from various sources using URLs as the main input form. The previous version of HashiCorp go-getter 1.7.9 had a security loophole, which originated in a symbol link attack and could lead to unauthorized access.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

HashiCorp

Published

2025-08-15

Last Modified

2026-02-24

References

https://discuss.hashicorp.com/t/hcsec-2025-23-hashicorp-go-getter-vulnerable-to-arbitrary-read-through-symlink-attack/76242 https://nvd.nist.gov/vuln/detail/CVE-2025-8959

Patch

https://discuss.hashicorp.com/t/hcsec-2025-23-hashicorp-go-getter-vulnerable-to-arbitrary-read-through-symlink-attack/76242