5 matches found
OESA-2025-2181 golang security update
. Security Fixes: The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VC...
TencentOS Server 4: golang (TSSA-2025:0662)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0662 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
cmd/go: Go VCS Command Execution Vulnerability
A flaw was found in cmd/go. The go command can execute arbitrary commands when processing untrusted version control system VCS repositories containing malicious configuration. This issue occurs because the command interprets VCS metadata, potentially leading to unintended command execution. This...
AZL-66098 CVE-2025-4674 affecting package golang for versions less than 1.18.8-10
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...
UBUNTU-CVE-2025-4674
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...