Количество 29
Количество 29
CVE-2018-16874
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.
CVE-2018-16874
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.
CVE-2018-16874
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.
CVE-2018-16874
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is ...
GHSA-7p6h-w6m6-5fm2
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.
BDU:2020-01888
Уязвимость реализации команды «go get» языка программирования Go, позволяющая нарушителю выполнить произвольный код
openSUSE-SU-2019:0189-1
Security update for docker
openSUSE-SU-2018:4255-1
Security update for go1.10
openSUSE-SU-2018:4181-1
Security update for go1.11
SUSE-SU-2019:0286-1
Security update for docker
SUSE-SU-2019:0048-2
Security update for helm-mirror
SUSE-SU-2019:0048-1
Security update for helm-mirror
openSUSE-SU-2019:1079-1
Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc
openSUSE-SU-2019:0295-1
Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc
openSUSE-SU-2019:0208-1
Security update for runc
openSUSE-SU-2018:4306-1
Security update for containerd, docker and go
SUSE-SU-2019:1264-1
Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork
SUSE-SU-2019:0495-1
Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc
SUSE-SU-2018:4297-1
Security update for containerd, docker and go
openSUSE-SU-2019:1499-1
Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2018-16874 In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution. | CVSS3: 8.1 | 2% Низкий | около 7 лет назад |
 | CVE-2018-16874 In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution. | CVSS3: 6.8 | 2% Низкий | около 7 лет назад |
 | CVE-2018-16874 In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution. | CVSS3: 8.1 | 2% Низкий | около 7 лет назад |
| CVE-2018-16874 In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is ... | CVSS3: 8.1 | 2% Низкий | около 7 лет назад |
| GHSA-7p6h-w6m6-5fm2 In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution. | CVSS3: 8.1 | 2% Низкий | больше 3 лет назад |
 | BDU:2020-01888 Уязвимость реализации команды «go get» языка программирования Go, позволяющая нарушителю выполнить произвольный код | CVSS3: 8.1 | 2% Низкий | около 7 лет назад |
 | openSUSE-SU-2019:0189-1 Security update for docker | почти 7 лет назад | ||
| openSUSE-SU-2018:4255-1 Security update for go1.10 | около 7 лет назад | ||
| openSUSE-SU-2018:4181-1 Security update for go1.11 | около 7 лет назад | ||
| SUSE-SU-2019:0286-1 Security update for docker | около 7 лет назад | ||
| SUSE-SU-2019:0048-2 Security update for helm-mirror | больше 6 лет назад | ||
| SUSE-SU-2019:0048-1 Security update for helm-mirror | около 7 лет назад | ||
| openSUSE-SU-2019:1079-1 Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc | почти 7 лет назад | ||
| openSUSE-SU-2019:0295-1 Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc | почти 7 лет назад | ||
| openSUSE-SU-2019:0208-1 Security update for runc | почти 7 лет назад | ||
| openSUSE-SU-2018:4306-1 Security update for containerd, docker and go | около 7 лет назад | ||
| SUSE-SU-2019:1264-1 Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork | больше 6 лет назад | ||
| SUSE-SU-2019:0495-1 Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc | почти 7 лет назад | ||
| SUSE-SU-2018:4297-1 Security update for containerd, docker and go | около 7 лет назад | ||
| openSUSE-SU-2019:1499-1 Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork | больше 6 лет назад |
Уязвимостей на страницу