[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-3817":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":39,"aliases":40,"duplicate_of":9,"upstream":43,"downstream":44,"duplicates":55,"related":56,"reserved_at":9,"published_at":84,"modified_at":85,"state":86,"summary":87,"references_raw":96,"kevs":124,"epss":125,"epss_history":128,"metrics":389,"affected":398},"CVE-2024-3817","HashiCorp’s go-getter library is vulnerable to argument injection when executing Git to discover remote branches. \n\nThis vulnerability does not affect the go-getter/v2 branch and package.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-88","Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')","The product constructs a string for a command to be executed by a separate component\nin another control sphere, but it does not properly delimit the\nintended arguments, options, or switches within that command string.","weakness","Draft","Base",[19,23,27,31,35],{"id":20,"name":21,"techniques":22},"CAPEC-137","Parameter Injection",[],{"id":24,"name":25,"techniques":26},"CAPEC-174","Flash Parameter Injection",[],{"id":28,"name":29,"techniques":30},"CAPEC-41","Using Meta-characters in E-mail Headers to Inject Malicious Payloads",[],{"id":32,"name":33,"techniques":34},"CAPEC-460","HTTP Parameter Pollution (HPP)",[],{"id":36,"name":37,"techniques":38},"CAPEC-88","OS Command Injection",[],[],[41,42],"GHSA-q64h-39hv-4cf7","GO-2024-2800",[],[45,47,49,51,53],{"_key":46},"UBUNTU-CVE-2024-3817",{"_key":48},"OPENSUSE-SU-2025:0056-1",{"_key":50},"OPENSUSE-SU-2025:14713-1",{"_key":52},"OPENSUSE-SU-2025:20117-1",{"_key":54},"DEBIAN-CVE-2024-3817",[],[57,58,59,60,62,64,66,68,70,72,74,76,78,80,82],{"_key":48},{"_key":50},{"_key":52},{"_key":61},"CGA-2J69-GXH4-HPHH",{"_key":63},"CGA-2X35-79QR-MW3Q",{"_key":65},"CGA-45J5-WG5J-CFR9",{"_key":67},"CGA-53WX-VFX6-XCP5",{"_key":69},"CGA-66Q6-JFXP-9WV7",{"_key":71},"CGA-77C4-7579-MQ5G",{"_key":73},"CGA-7RC7-QF6C-9H7W",{"_key":75},"CGA-8CQG-HXPJ-X26R",{"_key":77},"CGA-G56R-QRFC-HGQ4",{"_key":79},"CGA-JVXV-V56M-JH46",{"_key":81},"CGA-W4H7-55WV-6MG4",{"_key":83},"CGA-62M2-47V9-7V3M","2024-04-17T19:37:25.878Z","2024-08-01T20:20:01.607Z","Analyzed",{"cisa_kev":88,"cisa_ransomware":88,"cisa_vendor":9,"epss_severity":89,"epss_score":90,"severity":91,"severity_score":92,"severity_version":93,"severity_source":94,"severity_vector":95,"severity_status":86},false,"low",0.02482,"critical",9.8,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[97,105,110,115,120],{"url":98,"sources":99,"tags":102},"https://discuss.hashicorp.com/t/hcsec-2024-09-hashicorp-go-getter-vulnerable-to-argument-injection-when-fetching-remote-default-git-branches/66040",[94,100,101],"nvd","osv_go",[103,104],"Vendor Advisory","WEB",{"url":106,"sources":107,"tags":108},"https://nvd.nist.gov/vuln/detail/CVE-2024-3817",[101],[109],"Advisory",{"url":111,"sources":112,"tags":113},"https://github.com/hashicorp/go-getter/commit/268c11cae8cf0d9374783e06572679796abe9ce9",[101],[104,114],"FIX",{"url":116,"sources":117,"tags":118},"https://github.com/hashicorp/go-getter",[101],[119],"PACKAGE",{"url":121,"sources":122,"tags":123},"https://github.com/advisories/GHSA-q64h-39hv-4cf7",[101],[109],[],{"date":126,"score":90,"percentile":127},"2026-06-04",0.85568,[129,133,136,139,142,144,147,150,153,156,159,162,165,168,171,175,178,181,184,187,190,193,196,198,201,204,207,210,213,216,218,221,224,227,230,233,235,237,240,244,247,250,253,256,259,262,265,268,271,273,276,279,282,285,288,291,294,297,299,302,305,307,310,313,316,319,322,325,327,330,333,335,338,341,344,347,350,352,355,357,360,363,366,369,372,375,378,381,383,386],{"date":130,"score":131,"percentile":132},"2025-11-04",0.00159,0.37268,{"date":134,"score":131,"percentile":135},"2025-11-05",0.37258,{"date":137,"score":131,"percentile":138},"2025-11-06",0.37256,{"date":140,"score":131,"percentile":141},"2025-11-07",0.37277,{"date":143,"score":131,"percentile":141},"2025-11-08",{"date":145,"score":131,"percentile":146},"2025-11-09",0.37261,{"date":148,"score":131,"percentile":149},"2025-11-10",0.37223,{"date":151,"score":131,"percentile":152},"2025-11-11",0.37247,{"date":154,"score":131,"percentile":155},"2025-11-12",0.37287,{"date":157,"score":131,"percentile":158},"2025-11-13",0.37298,{"date":160,"score":131,"percentile":161},"2025-11-14",0.373,{"date":163,"score":131,"percentile":164},"2025-11-15",0.37299,{"date":166,"score":131,"percentile":167},"2025-11-16",0.37283,{"date":169,"score":131,"percentile":170},"2025-11-17",0.37264,{"date":172,"score":173,"percentile":174},"2025-11-18",0.00522,0.64326,{"date":176,"score":173,"percentile":177},"2025-11-19",0.64335,{"date":179,"score":173,"percentile":180},"2025-11-20",0.64333,{"date":182,"score":131,"percentile":183},"2025-11-21",0.37269,{"date":185,"score":131,"percentile":186},"2025-11-22",0.3727,{"date":188,"score":131,"percentile":189},"2025-11-23",0.37235,{"date":191,"score":131,"percentile":192},"2025-11-24",0.37221,{"date":194,"score":131,"percentile":195},"2025-11-25",0.37225,{"date":197,"score":131,"percentile":192},"2025-11-26",{"date":199,"score":131,"percentile":200},"2025-11-27",0.37231,{"date":202,"score":131,"percentile":203},"2025-11-28",0.37213,{"date":205,"score":131,"percentile":206},"2025-11-29",0.37193,{"date":208,"score":131,"percentile":209},"2025-11-30",0.37178,{"date":211,"score":131,"percentile":212},"2025-12-01",0.37291,{"date":214,"score":131,"percentile":215},"2025-12-02",0.37301,{"date":217,"score":131,"percentile":215},"2025-12-03",{"date":219,"score":131,"percentile":220},"2025-12-04",0.37174,{"date":222,"score":131,"percentile":223},"2025-12-05",0.3721,{"date":225,"score":131,"percentile":226},"2025-12-06",0.37208,{"date":228,"score":131,"percentile":229},"2025-12-07",0.37179,{"date":231,"score":131,"percentile":232},"2025-12-08",0.37191,{"date":234,"score":131,"percentile":200},"2025-12-09",{"date":236,"score":131,"percentile":212},"2025-12-10",{"date":238,"score":131,"percentile":239},"2025-12-11",0.37319,{"date":241,"score":242,"percentile":243},"2025-12-12",0.01134,0.77807,{"date":245,"score":242,"percentile":246},"2025-12-13",0.77808,{"date":248,"score":242,"percentile":249},"2025-12-14",0.77805,{"date":251,"score":242,"percentile":252},"2025-12-15",0.77803,{"date":254,"score":242,"percentile":255},"2025-12-16",0.77814,{"date":257,"score":242,"percentile":258},"2025-12-17",0.77823,{"date":260,"score":242,"percentile":261},"2025-12-18",0.77838,{"date":263,"score":242,"percentile":264},"2025-12-19",0.77852,{"date":266,"score":242,"percentile":267},"2025-12-20",0.77845,{"date":269,"score":242,"percentile":270},"2025-12-21",0.77839,{"date":272,"score":242,"percentile":270},"2025-12-22",{"date":274,"score":242,"percentile":275},"2025-12-23",0.7784,{"date":277,"score":242,"percentile":278},"2025-12-24",0.77851,{"date":280,"score":242,"percentile":281},"2025-12-25",0.77871,{"date":283,"score":242,"percentile":284},"2025-12-26",0.77867,{"date":286,"score":242,"percentile":287},"2025-12-27",0.77915,{"date":289,"score":242,"percentile":290},"2025-12-28",0.77856,{"date":292,"score":242,"percentile":293},"2025-12-29",0.77853,{"date":295,"score":242,"percentile":296},"2025-12-30",0.77858,{"date":298,"score":242,"percentile":281},"2025-12-31",{"date":300,"score":242,"percentile":301},"2026-01-01",0.77991,{"date":303,"score":242,"percentile":304},"2026-01-02",0.77992,{"date":306,"score":242,"percentile":301},"2026-01-03",{"date":308,"score":242,"percentile":309},"2026-01-04",0.77873,{"date":311,"score":242,"percentile":312},"2026-01-05",0.77866,{"date":314,"score":242,"percentile":315},"2026-01-06",0.77874,{"date":317,"score":242,"percentile":318},"2026-01-07",0.77881,{"date":320,"score":242,"percentile":321},"2026-01-08",0.77886,{"date":323,"score":242,"percentile":324},"2026-01-09",0.77891,{"date":326,"score":242,"percentile":324},"2026-01-10",{"date":328,"score":242,"percentile":329},"2026-01-11",0.77883,{"date":331,"score":242,"percentile":332},"2026-01-12",0.77868,{"date":334,"score":242,"percentile":284},"2026-01-13",{"date":336,"score":242,"percentile":337},"2026-01-14",0.77889,{"date":339,"score":242,"percentile":340},"2026-01-15",0.77893,{"date":342,"score":242,"percentile":343},"2026-01-16",0.77902,{"date":345,"score":242,"percentile":346},"2026-01-17",0.77908,{"date":348,"score":242,"percentile":349},"2026-01-18",0.77904,{"date":351,"score":242,"percentile":343},"2026-01-19",{"date":353,"score":242,"percentile":354},"2026-01-20",0.77896,{"date":356,"score":242,"percentile":343},"2026-01-21",{"date":358,"score":242,"percentile":359},"2026-01-22",0.7791,{"date":361,"score":242,"percentile":362},"2026-01-23",0.77937,{"date":364,"score":242,"percentile":365},"2026-01-24",0.77948,{"date":367,"score":242,"percentile":368},"2026-01-25",0.7794,{"date":370,"score":242,"percentile":371},"2026-01-26",0.77935,{"date":373,"score":242,"percentile":374},"2026-01-27",0.77933,{"date":376,"score":242,"percentile":377},"2026-01-28",0.77939,{"date":379,"score":242,"percentile":380},"2026-01-29",0.77936,{"date":382,"score":242,"percentile":368},"2026-01-30",{"date":384,"score":242,"percentile":385},"2026-01-31",0.77942,{"date":387,"score":242,"percentile":388},"2026-02-01",0.78053,[390,394,396],{"source":94,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":391,"cvss_v4_0":9},{"baseScore":92,"baseSeverity":392,"vectorString":95,"impactScore":92,"exploitabilityScore":393},"CRITICAL",10,{"source":100,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":395,"cvss_v4_0":9},{"baseScore":92,"baseSeverity":392,"vectorString":95,"impactScore":92,"exploitabilityScore":393},{"source":101,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":397,"cvss_v4_0":9},{"baseScore":92,"baseSeverity":9,"vectorString":95,"impactScore":92,"exploitabilityScore":393},[399,414,421],{"ecosystem":400,"name":401,"vendor":402,"product":403,"cpe_part":9,"purl_type":404,"purl_namespace":402,"purl_name":403,"source":9,"versions":405},"Go","github.com/hashicorp/go-getter","github.com/hashicorp","go-getter","golang",[406],{"version":407,"is_range":408,"range_type":409,"version_start":410,"version_start_type":411,"version_end":412,"version_end_type":413,"fixed_in":9},"gte1_5_9_lt1_7_4",true,"semver","1.5.9","including","1.7.4","excluding",{"ecosystem":9,"name":403,"vendor":415,"product":403,"cpe_part":416,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":417},"hashicorp","a",[418],{"version":419,"is_range":408,"range_type":420,"version_start":410,"version_start_type":411,"version_end":412,"version_end_type":413,"fixed_in":9},"gte1.5.9_lt1.7.4","cpe",{"ecosystem":9,"name":422,"vendor":415,"product":423,"cpe_part":416,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":424},"Shared library","shared library",[425],{"version":426,"is_range":408,"range_type":94,"version_start":410,"version_start_type":411,"version_end":427,"version_end_type":413,"fixed_in":9},">= 1.5.9, \u003C 1.7.3","1.7.3"]