Medium: golang

Issue Overview: Arbitrary code execution during go get or go get -d Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points t...

Moderate: Red Hat Security Advisory: go-toolset-7 and go-toolset-7-golang security and bug fix update

An update for go-toolset-7 and go-toolset-7-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

golang: arbitrary code execution during "go get" via C compiler options

An arbitrary command execution flaw was found in the way Go's "go get" command handled gcc and clang sensitive options during the build. A remote attacker capable of hosting malicious repositories could potentially use this flaw to cause arbitrary command execution on the client side...

Amazon Linux AMI : golang (ALAS-2018-975)

Arbitrary code execution during 'go get' via C compiler options : An arbitrary command execution flaw was found in the way Go's 'go get' command handled gcc and clang sensitive options during the build. A remote attacker capable of hosting malicious repositories could potentially use this flaw to...