Lucene search
+L

113 matches found

Tenable Nessus
Tenable Nessus
added 2018/12/24 12:0 a.m.36 views

GLSA-201812-09 : Go: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201812-09 Go: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could cause arbitrary code execution by passing...

8.1CVSS7.7AI score0.66252EPSS
Exploits0References4
CNVD
CNVD
added 2018/12/17 12:0 a.m.1 views

Google Go Path Traversal Vulnerability

Google Go is a programming language optimized for programming applications on multiprocessor systems by Google. A directory traversal vulnerability exists in the 'go get' command in Google Go versions prior to 1.10.6 and 1.11.x prior to 1.11.3 GOPATH mode, which can be exploited by an attacker to...

8.1CVSS7.4AI score0.05039EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/12/17 12:0 a.m.49 views

Amazon Linux AMI : golang (ALAS-2018-1130)

In Go before 1.10.6 and 1.11.x before 1.11.3, the 'go get' command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not ...

8.1CVSS8AI score0.66252EPSS
Exploits0References4
CNVD
CNVD
added 2018/12/17 12:0 a.m.4 views

Google Go Remote Code Execution Vulnerability

Google Go is a programming language optimized for programming applications on multiprocessor systems by Google. A remote code execution vulnerability exists in the 'go get' command in Google Go versions prior to 1.10.6 and 1.11.x prior to 1.11.3 GOPATH mode, which can be exploited by a remote...

8.1CVSS7.7AI score0.66252EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2018/12/14 2:29 p.m.4 views

CVE-2018-16874

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces both '' and '' characters. Specifically, it is only vulnerable in GOPATH mode, but not in module mode th...

8.1CVSS8.9AI score0.05039EPSS
Exploits0References15Affected Software1
NVD
NVD
added 2018/12/14 2:29 p.m.22 views

CVE-2018-16874

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces both '' and '' characters. Specifically, it is only vulnerable in GOPATH mode, but not in module mode th...

8.1CVSS7.5AI score0.05039EPSS
Exploits0References12
OSV
OSV
added 2018/12/14 2:29 p.m.2 views

UBUNTU-CVE-2018-16874

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces both '' and '' characters. Specifically, it is only vulnerable in GOPATH mode, but not in module mode th...

8.1CVSS7.2AI score0.05039EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2018/12/14 2:29 p.m.30 views

CVE-2018-16873

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not ...

8.1CVSS7.5AI score0.66252EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2018/12/14 2:29 p.m.4 views

CVE-2018-16873

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not ...

8.1CVSS9.3AI score0.66252EPSS
Exploits0References15Affected Software1
OSV
OSV
added 2018/12/14 2:29 p.m.5 views

UBUNTU-CVE-2018-16873

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not ...

8.1CVSS7.6AI score0.66252EPSS
Exploits0References3
CVE
CVE
added 2018/12/14 2:0 p.m.261 views

CVE-2018-16873

CVE-2018-16873 is a Go go get remote code execution vulnerability (GOPATH mode) where a malicious package import path can cause the parent directory to be treated as a Git repository root, leading to execution of commands from the repository’s config if it contains malicious directives. Connected...

8.1CVSS8.5AI score0.66252EPSS
Exploits0References12Affected Software1
Positive Technologies
Positive Technologies
added 2018/09/07 12:0 a.m.13 views

PT-2018-3478 · Go +2 · Go +2

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.10.6 Go versions 1.11.x prior to 1.11.3 Description: The issue is related to the "go get" command and is caused by insufficient input validation, specifically when using the -u flag with a malicious import path. This ca...

9.8CVSS7.2AI score0.9857EPSS
Exploits233References381
Positive Technologies
Positive Technologies
added 2018/09/07 12:0 a.m.76 views

PT-2018-3479 · Google +2 · Go +2

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.10.6 Go versions 1.11.x prior to 1.11.3 Description: The issue is related to the "go get" command in the Go programming language, which is vulnerable to directory traversal when executed with the import path of a...

9.8CVSS7AI score0.9857EPSS
Exploits233References381
Mageia
Mageia
added 2018/05/16 8:24 a.m.37 views

Updated golang packages fix security vulnerability

A flaw was found in Go Lang. The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path get/vcs.go only checks for "://" anywhere in the string, which allows remote attackers to execute arbitrary OS commands via a crafted web site...

9.3CVSS7AI score0.63229EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2018/05/03 7:13 a.m.6 views

golang: arbitrary code execution during "go get" via C compiler options

An arbitrary command execution flaw was found in the way Go's "go get" command handled gcc and clang sensitive options during the build. A remote attacker capable of hosting malicious repositories could potentially use this flaw to cause arbitrary command execution on the client side...

7.8CVSS7.6AI score0.07768EPSS
Exploits4References4
Check Point Advisories
Check Point Advisories
added 2018/04/30 12:0 a.m.14 views

Google Golang Get Command Injection (CVE-2018-7187)

A command injection vulnerability exists in the golang client. This vulnerability is due to insufficient sanitization of user input by the go get command...

9.3CVSS2.6AI score0.63229EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2018/04/10 9:33 a.m.6 views

golang: arbitrary code execution during "go get" via C compiler options

An arbitrary command execution flaw was found in the way Go's "go get" command handled gcc and clang sensitive options during the build. A remote attacker capable of hosting malicious repositories could potentially use this flaw to cause arbitrary command execution on the client side...

7.8CVSS7.6AI score0.07768EPSS
Exploits4References4
RedHat Linux
RedHat Linux
added 2018/04/10 9:33 a.m.7 views

golang: arbitrary code execution during "go get" or "go get -d"

An arbitrary command execution flaw was found in the way Go's "go get" command handled the checkout of source code repositories. A remote attacker capable of hosting malicious repositories could potentially use this flaw to cause arbitrary command execution on the client side...

9.8CVSS7.7AI score0.08944EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2018/04/04 12:0 a.m.7 views

The vulnerability of the “go get” command implementation in the Go programming language allows a perpetrator to execute arbitrary commands.

The vulnerability of the “go get” command in the Go programming language exists due to insufficient validation of input data insufficient checking of the import path when using the “-insecure” option. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a...

9.3CVSS7.6AI score0.63229EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/03/27 12:0 a.m.34 views

Amazon Linux AMI : golang (ALAS-2018-975)

Arbitrary code execution during 'go get' via C compiler options : An arbitrary command execution flaw was found in the way Go's 'go get' command handled gcc and clang sensitive options during the build. A remote attacker capable of hosting malicious repositories could potentially use this flaw to...

9.3CVSS8.1AI score0.63229EPSS
Exploits5References3
Rows per page
Query Builder