2 matches found
AZL-43104 CVE-2023-24531 affecting package msft-golang for versions less than 1.21.0-1
Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a shell script can cause various bad bahaviors, including executing arbitrary commands or inserting new environment variables. This issue is...
AZL-43110 CVE-2023-24531 affecting package golang for versions less than 1.21.0-1
Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a shell script can cause various bad bahaviors, including executing arbitrary commands or inserting new environment variables. This issue is...