Описание
Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset.
| Релиз | Статус | Примечание |
|---|---|---|
| upstream | not-affected | debian: Only affects Go on Windows |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| impish | not-affected | windows only |
| upstream | not-affected | debian: Only affects Go on Windows |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| impish | not-affected | windows only |
| jammy | not-affected | windows only |
| kinetic | DNE | |
| lunar | DNE | |
| upstream | not-affected | debian: Only affects Go on Windows |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | windows only |
| devel | DNE | |
| esm-infra/focal | DNE | focal was not-affected [windows only] |
| focal | not-affected | windows only |
| jammy | not-affected | windows only |
| kinetic | DNE | |
| lunar | DNE | |
| upstream | not-affected | debian: Only affects Go on Windows |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| upstream | not-affected | debian: Only affects Go on Windows |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | windows only |
| esm-apps/bionic | not-affected | windows only |
| upstream | not-affected | debian: Only affects Go on Windows |
Показывать по
Ссылки на источники
EPSS
7.8 High
CVSS3
Связанные уязвимости
Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset.
Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset.
Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 ...
Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset.
EPSS
7.8 High
CVSS3