AZL-39939

See a problem?
Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-39939.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-39939
Upstream
Published
2024-04-17T20:15:08Z
Modified
2026-04-01T05:13:30.134153Z
Summary
CVE-2024-3817 affecting package terraform for versions less than 1.3.2-14
Details

HashiCorp’s go-getter library is vulnerable to argument injection when executing Git to discover remote branches.

This vulnerability does not affect the go-getter/v2 branch and package.

References

Affected packages

Azure Linux:2 / terraform

Package

Name
terraform
Purl
pkg:rpm/azure-linux/terraform

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.2-14

Database specific

source 
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-39939.json"