Описание
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).
Ссылки
- Vendor Advisory
- Release NotesThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Vendor Advisory
- Release NotesThird Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Одновременно
Одно из
Одно из
EPSS
7.5 High
CVSS3
5.1 Medium
CVSS2
Дефекты
Связанные уязвимости
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to ...
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).
EPSS
7.5 High
CVSS3
5.1 Medium
CVSS2