Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-4674

Опубликовано: 29 июл. 2025
Источник: debian

Описание

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS (e.g. Git), but contains metadata for another VCS (e.g. Mercurial). Modules which are retrieved using the go command line, i.e. via "go get", are not affected.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
golang-1.24unfixedpackage
golang-1.23unfixedpackage
golang-1.19removedpackage
golang-1.19no-dsabookwormpackage
golang-1.15removedpackage
golang-1.15postponedbullseyepackage

Примечания

  • https://groups.google.com/g/golang-announce/c/gTNJnDXmn34

  • https://github.com/golang/go/commit/825eeee3f789a11231ce23a4836c74ec5e34bf2a (go1.24.5)

  • https://github.com/golang/go/commit/e9d2c032b14c17083be0f8f0c822565199d2994f (go1.23.11)

  • https://github.com/golang/go/issues/74380

Связанные уязвимости

ubuntu логотип

CVE-2025-4674

CVSS3: 8.6
ubuntu
20 дней назад

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS (e.g. Git), but contains metadata for another VCS (e.g. Mercurial). Modules which are retrieved using the go command line, i.e. via "go get", are not affected.

redhat логотип

CVE-2025-4674

CVSS3: 8.6
redhat
20 дней назад

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS (e.g. Git), but contains metadata for another VCS (e.g. Mercurial). Modules which are retrieved using the go command line, i.e. via "go get", are not affected.

nvd логотип

CVE-2025-4674

CVSS3: 8.6
nvd
20 дней назад

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS (e.g. Git), but contains metadata for another VCS (e.g. Mercurial). Modules which are retrieved using the go command line, i.e. via "go get", are not affected.

suse-cvrf логотип

SUSE-SU-2025:02296-1

suse-cvrf
около 1 месяца назад

Security update for go1.23

suse-cvrf логотип

SUSE-SU-2025:02295-1

suse-cvrf
около 1 месяца назад

Security update for go1.24