[github.com/hashicorp/go-getter] Command injection in HashiCorp go-getter

HashiCorp go-getter before 2.0.2 allows Command Injection.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-26945
• https://discuss.hashicorp.com
• https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930
• https://github.com/advisories/GHSA-x24g-9w7v-vprh