113 matches found
GLSA-201812-09 : Go: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201812-09 Go: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could cause arbitrary code execution by passing...
Google Go Path Traversal Vulnerability
Google Go is a programming language optimized for programming applications on multiprocessor systems by Google. A directory traversal vulnerability exists in the 'go get' command in Google Go versions prior to 1.10.6 and 1.11.x prior to 1.11.3 GOPATH mode, which can be exploited by an attacker to...
Amazon Linux AMI : golang (ALAS-2018-1130)
In Go before 1.10.6 and 1.11.x before 1.11.3, the 'go get' command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not ...
Google Go Remote Code Execution Vulnerability
Google Go is a programming language optimized for programming applications on multiprocessor systems by Google. A remote code execution vulnerability exists in the 'go get' command in Google Go versions prior to 1.10.6 and 1.11.x prior to 1.11.3 GOPATH mode, which can be exploited by a remote...
CVE-2018-16874
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces both '' and '' characters. Specifically, it is only vulnerable in GOPATH mode, but not in module mode th...
CVE-2018-16874
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces both '' and '' characters. Specifically, it is only vulnerable in GOPATH mode, but not in module mode th...
UBUNTU-CVE-2018-16874
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces both '' and '' characters. Specifically, it is only vulnerable in GOPATH mode, but not in module mode th...
CVE-2018-16873
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not ...
CVE-2018-16873
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not ...
UBUNTU-CVE-2018-16873
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not ...
CVE-2018-16873
CVE-2018-16873 is a Go go get remote code execution vulnerability (GOPATH mode) where a malicious package import path can cause the parent directory to be treated as a Git repository root, leading to execution of commands from the repository’s config if it contains malicious directives. Connected...
PT-2018-3478 · Go +2 · Go +2
Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.10.6 Go versions 1.11.x prior to 1.11.3 Description: The issue is related to the "go get" command and is caused by insufficient input validation, specifically when using the -u flag with a malicious import path. This ca...
PT-2018-3479 · Google +2 · Go +2
Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.10.6 Go versions 1.11.x prior to 1.11.3 Description: The issue is related to the "go get" command in the Go programming language, which is vulnerable to directory traversal when executed with the import path of a...
Updated golang packages fix security vulnerability
A flaw was found in Go Lang. The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path get/vcs.go only checks for "://" anywhere in the string, which allows remote attackers to execute arbitrary OS commands via a crafted web site...
golang: arbitrary code execution during "go get" via C compiler options
An arbitrary command execution flaw was found in the way Go's "go get" command handled gcc and clang sensitive options during the build. A remote attacker capable of hosting malicious repositories could potentially use this flaw to cause arbitrary command execution on the client side...
Google Golang Get Command Injection (CVE-2018-7187)
A command injection vulnerability exists in the golang client. This vulnerability is due to insufficient sanitization of user input by the go get command...
golang: arbitrary code execution during "go get" via C compiler options
An arbitrary command execution flaw was found in the way Go's "go get" command handled gcc and clang sensitive options during the build. A remote attacker capable of hosting malicious repositories could potentially use this flaw to cause arbitrary command execution on the client side...
golang: arbitrary code execution during "go get" or "go get -d"
An arbitrary command execution flaw was found in the way Go's "go get" command handled the checkout of source code repositories. A remote attacker capable of hosting malicious repositories could potentially use this flaw to cause arbitrary command execution on the client side...
The vulnerability of the “go get” command implementation in the Go programming language allows a perpetrator to execute arbitrary commands.
The vulnerability of the “go get” command in the Go programming language exists due to insufficient validation of input data insufficient checking of the import path when using the “-insecure” option. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a...
Amazon Linux AMI : golang (ALAS-2018-975)
Arbitrary code execution during 'go get' via C compiler options : An arbitrary command execution flaw was found in the way Go's 'go get' command handled gcc and clang sensitive options during the build. A remote attacker capable of hosting malicious repositories could potentially use this flaw to...