11 matches found
K000152608: Golang vulnerabilities CVE-2023-39320, CVE-2023-39323, CVE-2023-45289, and CVE-2024-24788
Security Advisory Description CVE-2023-39320 The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command...
Security Bulletin: IBM Cloud Pak for Data Scheduling contains a vulnerable yq package. [CVE-2023-39320, CVE-2023-39321 and CVE-2023-39322]
Summary Yq is used by IBM Cloud Pak for Data Scheduling as part of the Ansible operator used for installation of the Scheduler. This bulletin identifies the steps to take to address the below vulnerabilities. Vulnerability Details CVEID:CVE-2023-39320 DESCRIPTION: Golang Go could allow a remote...
openSUSE: Security Advisory for go1.21 (SUSE-SU-2023:3701-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.21-openssl (SUSE-SU-2023:4469-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4469-1 advisory. - The html/template package does not properly handle HTML-like comment tokens, nor hashbang !...
Security Bulletin: Operations Dashboard is vulnerable to remote code execution due to Go
Summary Operations Dashboard is vulnerable to remote code execution due to Go CVE-2023-39320 with details below. The vulnerability has been addressed. Vulnerability Details CVEID: CVE-2023-39320 DESCRIPTION: Golang Go could allow a remote attacker to execute arbitrary code on the system, caused b...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to code injection and privilege escalation due to multiple vulnerabilities in Go
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to code injection and privilege escalation due to multiple vulnerabilities in Go with details below CVE-2023-39320, CVE-2023-39321, CVE-2023-39322. The vulnerabilities have been addressed. Vulnerabili...
CVE-2023-39320 vulnerabilities
Vulnerabilities for packages: metrics-server...
CVE-2023-39320
The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules...
CVE-2023-39320 vulnerabilities
Vulnerabilities for packages: metrics-server...
BELL-CVE-2023-39320
Bulletin has no description...
CVE-2023-39320 Arbitrary code execution via go.mod toolchain directive in cmd/go
The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules...