2 matches found
AZL-66098 CVE-2025-4674 affecting package golang for versions less than 1.18.8-10
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...
AZL-42412 CVE-2024-24789 affecting package golang for versions less than 1.18.8-8
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...