HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 2 of 3).
The MITRE CVE dictionary describes this issue as: