Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2023-24531

Опубликовано: 02 июл. 2024
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 9.8

Описание

Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a shell script can cause various bad bahaviors, including executing arbitrary commands or inserting new environment variables. This issue is relatively minor because, in general, if an attacker can set arbitrary environment variables on a system, they have better attack vectors than making "go env" print them out.

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

oracular

DNE

plucky

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra-legacy/trusty

needs-triage

esm-infra/bionic

needs-triage

esm-infra/focal

DNE

esm-infra/xenial

needs-triage

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

oracular

DNE

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/bionic

needs-triage

esm-apps/jammy

needs-triage

esm-apps/xenial

needs-triage

esm-infra/focal

needs-triage

focal

ignored

end of standard support, was needs-triage
jammy

needs-triage

mantic

DNE

noble

DNE

oracular

DNE

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

needs-triage

focal

ignored

end of standard support, was needs-triage
jammy

DNE

mantic

DNE

noble

DNE

oracular

DNE

plucky

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/bionic

needs-triage

esm-apps/focal

needs-triage

focal

ignored

end of standard support, was needs-triage
jammy

DNE

mantic

DNE

noble

DNE

oracular

DNE

plucky

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

released

1.17.13-3ubuntu1.2
mantic

DNE

noble

DNE

oracular

DNE

plucky

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/bionic

released

1.18.1-1ubuntu1~18.04.4+esm1
esm-apps/xenial

released

1.18.1-1ubuntu1~16.04.6+esm1
esm-infra/focal

DNE

focal was released [1.18.1-1ubuntu1~20.04.3]
focal

released

1.18.1-1ubuntu1~20.04.3
jammy

released

1.18.1-1ubuntu1.2
mantic

DNE

noble

DNE

oracular

DNE

plucky

DNE

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

oracular

DNE

plucky

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal was needs-triage
focal

ignored

end of standard support, was needs-triage
jammy

needs-triage

mantic

ignored

end of life, was needs-triage
noble

DNE

oracular

DNE

plucky

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/noble

needs-triage

esm-infra/focal

DNE

focal was needs-triage
focal

ignored

end of standard support, was needs-triage
jammy

needs-triage

mantic

ignored

end of life, was needs-triage
noble

needs-triage

oracular

DNE

plucky

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal was not-affected [1.22.2-2~20.04.1]
focal

not-affected

1.22.2-2~20.04.1
jammy

not-affected

1.22.2-2~22.04
mantic

ignored

end of life, was needs-triage
noble

not-affected

1.22.2-2ubuntu0.1
oracular

not-affected

1.22.8-1
plucky

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

esm-infra/xenial

needs-triage

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

oracular

DNE

plucky

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/bionic

needs-triage

esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

oracular

DNE

plucky

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-apps/bionic

needs-triage

esm-infra/focal

DNE

focal

DNE

jammy

DNE

mantic

DNE

noble

DNE

oracular

DNE

plucky

DNE

upstream

needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 70%
0.00655
Низкий

9.8 Critical

CVSS3

Связанные уязвимости

nvd логотип

CVE-2023-24531

CVSS3: 9.8
nvd
12 месяцев назад

Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a shell script can cause various bad bahaviors, including executing arbitrary commands or inserting new environment variables. This issue is relatively minor because, in general, if an attacker can set arbitrary environment variables on a system, they have better attack vectors than making "go env" print them out.

debian логотип

CVE-2023-24531

CVSS3: 9.8
debian
12 месяцев назад

Command go env is documented as outputting a shell script containing t ...

redos логотип

ROS-20241015-09

CVSS3: 5.3
redos
8 месяцев назад

Уязвимость golang

github логотип

GHSA-cwpg-qgc6-jxvq

CVSS3: 9.8
github
12 месяцев назад

Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a shell script can cause various bad bahaviors, including executing arbitrary commands or inserting new environment variables. This issue is relatively minor because, in general, if an attacker can set arbitrary environment variables on a system, they have better attack vectors than making "go env" print them out.

fstec логотип

BDU:2024-08391

CVSS3: 9.8
fstec
почти 2 года назад

Уязвимость языка программирования Golang, связанная с непринятием мер по нейтрализации специальных элементов, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 70%
0.00655
Низкий

9.8 Critical

CVSS3

Уязвимость CVE-2023-24531