exploitDog

CVE-2021-3115

Published: 26 Jan 2021
Source: debian
EPSS: Low

Description

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).

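Packages

| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| golang-1.15 | fixed | 1.15.7-1 | | package |
| golang-1.11 | removed | | | package |
| golang-1.11 | ignored | | buster | package |
| golang-1.8 | removed | | | package |
| golang-1.8 | ignored | | stretch | package |
| golang-1.7 | removed | | | package |
| golang-1.7 | ignored | | stretch | package |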

Notes

  • https://github.com/golang/go/issues/43783

  • https://github.com/golang/go/commit/46e2e2e9d99925bbf724b12693c6d3e27a95d6a0 (master)

  • https://github.com/golang/go/commit/e8e7facfaa47bf21007c0a1c679debba52ec3ea0 (1.15.7)

  • Mainly an issue on Windows but as well for Unix users who have '.' listed explicitly in PATH and running 'go get' outside of a module or with module mode disabled.

EPSS

Percentile: 33%
0.0013
Low

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 4 years ago

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).

CVSS3: 7.5
redhat
almost 5 years ago

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).

CVSS3: 7.5
nvd
more than 4 years ago

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).

CVSS3: 7.5
msrc
more than 1 year ago

No description available

CVSS3: 7.5
github
more than 3 years ago

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).
