{"id":"AZL-39939","summary":"CVE-2024-3817 affecting package terraform for versions less than 1.3.2-14","details":"HashiCorp’s go-getter library is vulnerable to argument injection when executing Git to discover remote branches. \n\nThis vulnerability does not affect the go-getter/v2 branch and package.","modified":"2026-04-01T05:13:30.134153Z","published":"2024-04-17T20:15:08Z","upstream":["CVE-2024-3817"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3817"}],"affected":[{"package":{"name":"terraform","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/terraform"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.2-14"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-39939.json"}}],"schema_version":"1.7.5"}