Описание
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module proxy and are fetching modules directly (i.e. GOPROXY=off).
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| lunar | ignored | end of life, was needs-triage |
| mantic | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | DNE | |
| esm-infra/focal | DNE | focal was released [1.20.3-1ubuntu0.1~20.04.1] |
| focal | released | 1.20.3-1ubuntu0.1~20.04.1 |
| jammy | released | 1.20.3-1ubuntu0.1~22.04.1 |
| lunar | released | 1.20.3-1ubuntu0.2 |
| mantic | released | 1.20.8-1ubuntu0.23.10.1 |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | DNE | |
| esm-apps/noble | not-affected | 1.21.5-1 |
| esm-infra/focal | DNE | focal was released [1.21.1-1~ubuntu20.04.2] |
| focal | released | 1.21.1-1~ubuntu20.04.2 |
| jammy | released | 1.21.1-1~ubuntu22.04.2 |
| lunar | released | 1.21.1-1~ubuntu23.04.2 |
| mantic | released | 1.21.1-1ubuntu0.23.10.1 |
| noble | not-affected | 1.21.5-1 |
| oracular | DNE |
Показывать по
Ссылки на источники
EPSS
7.5 High
CVSS3
Связанные уязвимости
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module proxy and are fetching modules directly (i.e. GOPROXY=off).
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module proxy and are fetching modules directly (i.e. GOPROXY=off).
Using go get to fetch a module with the ".git" suffix may unexpectedly ...
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module proxy and are fetching modules directly (i.e. GOPROXY=off).
Уязвимость компонента cmd-go языка программирования Go, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
7.5 High
CVSS3