x/vulndb: potential Go vuln in github.com/hashicorp/go-getter: CVE-2022-30321

[GoVulnBot]

CVE-2022-30321 references github.com/hashicorp/go-getter, which may be a Go module.

Description:
HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 1 of 3).

Links:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2022-30321
• JSON: https://github.com/CVEProject/cvelist/tree/ee44ec79ace298fd07b44c86fc38928d9785cdff/2022/30xxx/CVE-2022-30321.json
• https://discuss.hashicorp.com
• https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930
• https://github.com/hashicorp/go-getter/releases

See doc/triage.md for instructions on how to triage this report.

module: github.com/hashicorp/go-getter
package: n/a
description: |
    HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 1 of 3).
cves:
  - CVE-2022-30321
links:
    context:
      - https://discuss.hashicorp.com
      - https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930
      - https://github.com/hashicorp/go-getter/releases

[neild]

Vulnerability in tool.

[neild]

Revisit: go-getter is an importable package, not a tool.

[neild]

Duplicate of #586