github.com/hashicorp/terraform
Go2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/hashicorp/terraformpage 1 of 1
- CVE-2019-19316HIGHCVSS 7.5EG 7.5✓ Fixed in 0.12.172019-12-02
When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP.
- CVE-2023-4782MEDIUMCVSS 6.3EG 6.3✓ Fixed in 1.5.72023-09-08
Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the `init` operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7.
Check whether github.com/hashicorp/terraform is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/hashicorp/terraform CVEs against the assets you own.
Start Free Scan →