Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-39320

Опубликовано: 06 сент. 2023
Источник: redhat
CVSS3: 8.8
EPSS Низкий

Описание

The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules downloaded directly using VCS software.

A flaw was found in Golang. The go.mod toolchain directive, introduced in Go 1.21, could be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy and downloaded directly using VCS software.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
OpenShift Service Mesh 2openshift-golang-builder-containerNot affected
Red Hat Enterprise Linux 8go-toolset:rhel8/golangNot affected
Red Hat Enterprise Linux 8go-toolset:rhel8/go-toolsetNot affected
Red Hat Enterprise Linux 9golangNot affected
Red Hat OpenShift Container Platform 4openshift-golang-builder-containerNot affected
Red Hat OpenShift Virtualization 4openshift-golang-builder-containerNot affected
Red Hat Storage 3golangNot affected
Red Hat Storage 3go-toolset-7-golangNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-94
https://bugzilla.redhat.com/show_bug.cgi?id=2237775golang: cmd/go: go.mod toolchain directive allows arbitrary execution

EPSS

Процентиль: 74%
0.00798
Низкий

8.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-39320

CVSS3: 9.8
ubuntu
больше 2 лет назад

The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules downloaded directly using VCS software.

nvd логотип

CVE-2023-39320

CVSS3: 9.8
nvd
больше 2 лет назад

The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules downloaded directly using VCS software.

debian логотип

CVE-2023-39320

CVSS3: 9.8
debian
больше 2 лет назад

The go.mod toolchain directive, introduced in Go 1.21, can be leverage ...

github логотип

GHSA-rxv8-v965-v333

CVSS3: 9.8
github
больше 2 лет назад

The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules downloaded directly using VCS software.

fstec логотип

BDU:2023-05718

CVSS3: 9.8
fstec
больше 2 лет назад

Уязвимость файла go.mod языка программирования Go, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код

EPSS

Процентиль: 74%
0.00798
Низкий

8.8 High

CVSS3