Lucene search

K
osvGoogleOSV:CVE-2018-6574
HistoryFeb 07, 2018 - 9:29 p.m.

CVE-2018-6574

2018-02-0721:29:00
Google
osv.dev
8

AI Score

7.8

Confidence

Low

EPSS

0.025

Percentile

90.2%

Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow “go get” remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.