4 matches found
cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive
A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the 'cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command...
ALSA-2026:5941 Important: golang security update
The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive CVE-2025-61731 net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 For more details about the security issues, including...
Unexpected command execution in untrusted VCS repositories in cmd/go
...
cmd/go 安全漏洞
Google Go Cmd/go is a codebase that provides command support for the Go language from Google, Inc. in the United States. A security vulnerability exists in cmd/go that originates in cmd into go prior to 1.16.14 and 1.17. x prior to 1.17.7 may incorrectly interpret branch names as version markers...