
6 matches found

RedHat Linux
added 2023/06/29 9:49 a.m. · 5 views

golang: cmd/go: go command may generate unexpected code at build time when using cgo

A flaw was found in golang. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program that uses cgo. This can occur when running an untrusted module that contains directories with newline characters in their names...

CVSS 9.8 · AI score 7.1 · EPSS 0.01708
Exploits: 0 · References: 8

SUSE CVE
added 2023/02/15 4:23 a.m. · 9 views

SUSE CVE-2018-16874

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode th...

CVSS 6.8 · AI score 7.8 · EPSS 0.05039
Exploits: 0 · References: 37

OSV
added 2018/12/14 2:29 p.m. · 1 view

UBUNTU-CVE-2018-16873

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not ...

CVSS 8.1 · AI score 7.6 · EPSS 0.66252
Exploits: 0 · References: 3

ATTACKERKB
added 2018/12/14 2:29 p.m. · 4 views

CVE-2018-16873

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not ...

CVSS 8.1 · AI score 9.3 · EPSS 0.66252
Exploits: 0 · References: 15 · Affected Software: 1

OSV
added 2018/12/14 2:29 p.m. · 2 views

UBUNTU-CVE-2018-16874

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode th...

CVSS 8.1 · AI score 7.2 · EPSS 0.05039
Exploits: 0 · References: 3

Positive Technologies
added 2018/09/07 12:0 a.m. · 11 views

PT-2018-3478 · Go +2

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.10.6; Go versions 1.11.x prior to 1.11.3. Description: The issue is related to the "go get" command and is caused by insufficient input validation, specifically when using the -u flag with a malicious import path. This ca...

CVSS 9.8 · AI score 7.2 · EPSS 0.9857
Exploits: 232 · References: 381