Hashicorp: >> Go-Getter >> 1.7.8 Security Vulnerabilities
HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-08-15