Affected by GO-2022-0618 and 11 other vulnerabilities

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

helper/

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Path	Synopsis
certutil Package certutil contains helper functions that are mostly used with the PKI backend but can be generally useful.	Package certutil contains helper functions that are mostly used with the PKI backend but can be generally useful.
flag-kv
flag-slice
gated-writer
kdf This package is used to implement Key Derivation Functions (KDF) based on the recommendations of NIST SP 800-108.	This package is used to implement Key Derivation Functions (KDF) based on the recommendations of NIST SP 800-108.
kv-builder
mfa Package mfa provides wrappers to add multi-factor authentication to any auth backend.	Package mfa provides wrappers to add multi-factor authentication to any auth backend.
duo Package duo provides a Duo MFA handler to authenticate users with Duo.	Package duo provides a Duo MFA handler to authenticate users with Duo.
mlock
password password is a package for reading a password securely from a terminal.	password is a package for reading a password securely from a terminal.
pgpkeys
salt
xor