github.com/hashicorp/terraform known bugs
go4 known bugs in github.com/hashicorp/terraform, with affected versions, fixes and workarounds. Sourced from upstream issue trackers.
4
bugs
Known bugs
| Severity | Affected | Fixed in | Title | Status | Source |
|---|---|---|---|---|---|
| high | any | 0.12.17 | Use of a Broken or Risky Cryptographic Algorithm in Terraform When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP.
### Specific Go Packages Affected
github.com/hashicorp/terraform/backend/remote-state/azure | fixed | osv:GHSA-h3p9-wrgx-82cm |
| medium | 1.0.8 | 1.5.7 | Terraform allows arbitrary file write during the `init` operation in github.com/hashicorp/terraform Terraform allows arbitrary file write during the `init` operation in github.com/hashicorp/terraform | fixed | osv:GO-2023-2055 |
| medium | any | 0.12.17 | Use of a Broken or Risky Cryptographic Algorithm in Terraform in github.com/hashicorp/terraform Use of a Broken or Risky Cryptographic Algorithm in Terraform in github.com/hashicorp/terraform | fixed | osv:GO-2022-0839 |
| medium | 1.0.8 | 1.5.7 | Terraform allows arbitrary file write during the `init` operation Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the `init` operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7. | fixed | osv:GHSA-h626-pv66-hhm7 |
API access
Get this data programmatically \u2014 free, no authentication.
curl https://depscope.dev/api/bugs/go/github.com/hashicorp/terraform