34 matches found
SUSE-SU-2026:0297-1 Security update for go1.25-openssl
This update for go1.25-openssl fixes the following issues: Update to version 1.25.6 released 2026-01-15 jscSLE-18320, bsc1244485: Security fixes: - CVE-2025-4674 cmd/go: disable support for multiple vcs in one module bsc1246118. - CVE-2025-47906 os/exec: LookPath bug: incorrect expansion of '', '...
MiracleLinux 9 : golang-1.24.6-1.el9_6 (AXSA:2025-10754:04)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10754:04 advisory. cmd/go: Go VCS Command Execution Vulnerability CVE-2025-4674 Tenable has extracted the preceding description block directly from the MiracleLinux security...
MiracleLinux 8 : go-toolset:rhel8 (AXSA:2025-10761:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10761:01 advisory. cmd/go: Go VCS Command Execution Vulnerability CVE-2025-4674 Tenable has extracted the preceding description block directly from the MiracleLinux security...
TencentOS Server 3: go-toolset:rhel8 (TSSA-2025:0791)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0791 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
golang security update
An update is available for golang. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The golang packages provide the Go programming language compiler. Security...
openSUSE Security Advisory (SUSE-SU-2025:03161-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RockyLinux 8 : go-toolset:rhel8 (RLSA-2025:13940)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:13940 advisory. cmd/go: Go VCS Command Execution Vulnerability CVE-2025-4674 Tenable has extracted the preceding description block directly from the RockyLinux security advisory...
CLSA-2025-1756931716 golang: Fix of CVE-2025-4674
CVE-2025-4674: disallow multiple VCS metadata dirs in one module to prevent VCS injection attacks...
RHEL 8 : go-toolset:rhel8 (RHSA-2025:13940)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:13940 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: cmd/go: Go VCS Command...
Important: golang
Issue Overview: cmd/go: unexpected command execution in untrusted VCS repositories CVE-2025-4674 Affected Packages: golang Issue Correction: Run dnf update golang --releasever 2023.8.20250808 or dnf update --advisory ALAS2023-2025-1104 --releasever 2023.8.20250808 to update your system. More...
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2025-1104)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1104 advisory. cmd/go: unexpected command execution in untrusted VCS repositories CVE-2025-4674 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Ness...
CVE-2025-4674 vulnerabilities
Vulnerabilities for packages: nvidia-nsight-compute-12.8, nvidia-nsight-compute-13.2, newrelic-fluent-bit-output, agentbeat, nemo, nvidia-nsight-compute-12.9, falco, nvidia-nsight-compute-13.1, nvidia-nsight-compute-13.0...
Amazon Linux 2 : golang (ALAS-2025-2939)
The version of golang installed on the remote host is prior to 1.23.11-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2939 advisory. cmd/go: unexpected command execution in untrusted VCS repositories CVE-2025-4674 Tenable has extracted the preceding description...
CVE-2025-4674
A flaw was found in cmd/go. The go command can execute arbitrary commands when processing untrusted version control system VCS repositories containing malicious configuration. This issue occurs because the command interprets VCS metadata, potentially leading to unintended command execution. This...
Important: golang
Issue Overview: cmd/go: unexpected command execution in untrusted VCS repositories CVE-2025-4674 Affected Packages: golang Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correctio...
CVE-2025-4674
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...
AZL-66098 CVE-2025-4674 affecting package golang for versions less than 1.18.8-10
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...
CVE-2025-4674
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...
CVE-2025-4674 Unexpected command execution in untrusted VCS repositories in cmd/go
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...
CVE-2025-4674 Unexpected command execution in untrusted VCS repositories in cmd/go
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...