{"ecosystem":"go","package":"github.com/hashicorp/terraform","version":null,"bugs":[{"id":1057,"ecosystem":"go","package_name":"github.com/hashicorp/terraform","affected_version":null,"fixed_version":"0.12.17","bug_id":"osv:GHSA-h3p9-wrgx-82cm","title":"Use of a Broken or Risky Cryptographic Algorithm in Terraform","description":"When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP.\n\n### Specific Go Packages Affected\ngithub.com/hashicorp/terraform/backend/remote-state/azure","severity":"high","status":"fixed","source":"osv","source_url":"https://github.com/hashicorp/terraform/security/advisories/GHSA-4rvg-555h-r626","labels":["CVE-2019-19316","GHSA-4rvg-555h-r626","GO-2022-0839"],"created_at":"2026-04-19T04:32:32.363790+00:00","updated_at":"2026-04-19T04:32:32.363790+00:00"},{"id":1060,"ecosystem":"go","package_name":"github.com/hashicorp/terraform","affected_version":"1.0.8","fixed_version":"1.5.7","bug_id":"osv:GO-2023-2055","title":"Terraform allows arbitrary file write during the `init` operation in github.com/hashicorp/terraform","description":"Terraform allows arbitrary file write during the `init` operation in github.com/hashicorp/terraform","severity":"medium","status":"fixed","source":"osv","source_url":"https://github.com/advisories/GHSA-h626-pv66-hhm7","labels":["CVE-2023-4782","GHSA-h626-pv66-hhm7"],"created_at":"2026-04-19T04:32:32.365888+00:00","updated_at":"2026-04-19T04:32:32.365888+00:00"},{"id":1059,"ecosystem":"go","package_name":"github.com/hashicorp/terraform","affected_version":null,"fixed_version":"0.12.17","bug_id":"osv:GO-2022-0839","title":"Use of a Broken or Risky Cryptographic Algorithm in Terraform in github.com/hashicorp/terraform","description":"Use of a Broken or Risky Cryptographic Algorithm in Terraform in github.com/hashicorp/terraform","severity":"medium","status":"fixed","source":"osv","source_url":"https://github.com/advisories/GHSA-h3p9-wrgx-82cm","labels":["CVE-2019-19316","GHSA-4rvg-555h-r626","GHSA-h3p9-wrgx-82cm"],"created_at":"2026-04-19T04:32:32.365426+00:00","updated_at":"2026-04-19T04:32:32.365426+00:00"},{"id":1058,"ecosystem":"go","package_name":"github.com/hashicorp/terraform","affected_version":"1.0.8","fixed_version":"1.5.7","bug_id":"osv:GHSA-h626-pv66-hhm7","title":"Terraform allows arbitrary file write during the `init` operation","description":"Terraform versions 1.0.8 through 1.5.6 allow arbitrary file write during the `init` operation if run on a maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7.","severity":"medium","status":"fixed","source":"osv","source_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4782","labels":["CVE-2023-4782","GO-2023-2055"],"created_at":"2026-04-19T04:32:32.364858+00:00","updated_at":"2026-04-19T04:32:32.364858+00:00"}],"total":4,"_cache":"miss"}