Important: Red Hat Security Advisory: golang security update

An update for golang is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

cmd/go: Go VCS Command Execution Vulnerability

A flaw was found in cmd/go. The go command can execute arbitrary commands when processing untrusted version control system VCS repositories containing malicious configuration. This issue occurs because the command interprets VCS metadata, potentially leading to unintended command execution. This...

ALSA-2025:13941 Important: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: Go VCS Command Execution Vulnerability CVE-2025-4674 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages...

AlmaLinux 9 : golang (ALSA-2025:13935)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:13935 advisory. cmd/go: Go VCS Command Execution Vulnerability CVE-2025-4674 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory...

AlmaLinux 8 : go-toolset:rhel8 (ALSA-2025:13940)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:13940 advisory. cmd/go: Go VCS Command Execution Vulnerability CVE-2025-4674 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory...

Linux Distros Unpatched Vulnerability : CVE-2025-4674

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in...

ALSA-2025:13935 Important: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: Go VCS Command Execution Vulnerability CVE-2025-4674 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages...

Important: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: Go VCS Command Execution Vulnerability CVE-2025-4674 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages...

RHEL 9 : golang (RHSA-2025:13939)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:13939 advisory. The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: Go VCS Command Execution Vulnerability CVE-2025-4674 For...

ROS-20250814-04

Vulnerability in the moddavsvn module of the Subversion centralized version control system is related to a bug in the path-based authorization rule lookup. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service. remotely to cause a denial of service...

ROS-20250808-06

A vulnerability in the Golang programming language is related to the handling of untrusted version control system VCS repositories that contain malicious configuration. Version Control System VCS repositories containing malicious configuration. Exploitation of the vulnerability could allow an...

[SECURITY] Fedora 42 Update: reposurgeon-5.3-1.fc42

Reposurgeon enables risky operations that version-control systems don't want to let you do, such as editing past comments and metadata and removing commits. It works with any version control system that can export and import git fast-import streams, including git, hg, fossil, bzr, CVS and RCS. It...

AZL-66101 CVE-2025-4674 affecting package golang for versions less than 1.22.7-5

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...

AZL-66098 CVE-2025-4674 affecting package golang for versions less than 1.18.8-10

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...

DEBIAN-CVE-2025-4674

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...

UBUNTU-CVE-2025-4674

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...

CVE-2025-4674 Unexpected command execution in untrusted VCS repositories in cmd/go

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...

CVE-2025-4674

CVE-2025-4674 affects the Go toolchain (cmd/go) and its handling of VCS metadata. The issue arises when the Go command operates in untrusted VCS repositories that contain metadata from a different VCS, potentially enabling unexpected command execution. The affected component is the Go toolchain i...

Google Go 安全漏洞

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google USA. A security vulnerability exists in Google Go that stems from the execution of unexpected commands in an untrusted VCS repository, which could lead to arbitrary code execution...

The vulnerability of the configuration of the Version Control System (VCS) of the Continuous Integration and Delivery Application Framework (CI/CD) tool JetBrains TeamCity allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the TeamCity VCS configuration in continuous integration and delivery systems is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information from a remote location...