HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/hashicorp/vagrant(Go) | 0 | 2.4.0 | N/A |
CVSS Metrics
