enrich CVE-2024-3817 for HashiCorp go-getter

Signed-off-by: Weston Steimel <[email protected]>
anchore · Jun 4, 2024 · 4685b5e · 4685b5e
1 parent b8991b6
commit 4685b5e
Showing 1 changed file with 45 additions and 0 deletions.
diff --git a/data/anchore/2024/CVE-2024-3817.json b/data/anchore/2024/CVE-2024-3817.json
@@ -0,0 +1,45 @@
+{
+  "additionalMetadata": {
+    "cna": "hashicorp",
+    "cveId": "CVE-2024-3817",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://discuss.hashicorp.com/t/hcsec-2024-09-hashicorp-go-getter-vulnerable-to-argument-injection-when-fetching-remote-default-git-branches/66040"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "collectionURL": "https://pkg.go.dev",
+        "cpes": [
+          "cpe:2.3:a:hashicorp:go-getter:*:*:*:*:*:*:*:*"
+        ],
+        "packageName": "github.com/hashicorp/go-getter",
+        "platforms": [
+          "32 bit",
+          "64 bit",
+          "ARM",
+          "Linux",
+          "MacOS",
+          "Windows",
+          "x86"
+        ],
+        "product": "Go Getter",
+        "repo": "https://github.com/hashicorp/go-getter",
+        "vendor": "HashiCorp",
+        "versions": [
+          {
+            "lessThan": "1.7.3",
+            "status": "affected",
+            "version": "1.5.9",
+            "versionType": "semver"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}