"-Synchronized-Data."

2025-07-30 18:04:30 +00:00 · 2022-08-10 22:00:52 +00:00 · 2022-08-10 22:00:52 +00:00 · 6f4f0e67a9
commit 6f4f0e67a9
parent e22b437f7d
3 changed files with 3 additions and 3 deletions
--- a/2022/26xxx/CVE-2022-26945.json
+++ b/2022/26xxx/CVE-2022-26945.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "HashiCorp go-getter before 2.0.2 allows Command Injection."
+                "value": "go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0."
            }
        ]
    },
--- a/2022/30xxx/CVE-2022-30321.json
+++ b/2022/30xxx/CVE-2022-30321.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 1 of 3)."
+                "value": "go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. Fixed in 1.6.1 and 2.1.0."
            }
        ]
    },
--- a/2022/36xxx/CVE-2022-36129.json
+++ b/2022/36xxx/CVE-2022-36129.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "HashiCorp Vault and Vault Enterprise through 2022-07-17 have Incorrect Access Control."
+                "value": "HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure. Fixed in Vault Enterprise 1.9.8, 1.10.5, and 1.11.1."
            }
        ]
    },