CVE-2023-4782 Information

Description

Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7.

Reference

https://discuss.hashicorp.com/t/hcsec-2023-27-terraform-allows-arbitrary-file-write-during-init-operation/58082