5 matches found
EUVD-2022-52429
Malicious code in bioql PyPI...
CVE-2022-30580
Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset...
CVE-2022-30580
Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset...
Untrusted Search Path
Overview std/os/exec is a Go standard library package std/os/exec Affected versions of this package are vulnerable to Untrusted Search Path. Go Vulnerability Report: On Windows, executing Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset will unintentionally trigger...
GO-2022-0532 Empty Cmd.Path can trigger unintended binary in os/exec on Windows
On Windows, executing Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset will unintentionally trigger execution of any binaries in the working directory named either "..com" or "..exe"...