HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 1 of 3).
The MITRE CVE dictionary describes this issue as: