11 matches found
UBUNTU-CVE-2023-29404
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. The arguments for a...
CVE-2023-29404 Improper handling of non-optional LDFLAGS in go command with cgo in cmd/go
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. The arguments for a...
EulerOS 2.0 SP3 : golang (EulerOS-SA-2020-2078)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, becau...
Goscan - Interactive Network Scanner
GoScan is an interactive network scanner client, featuring auto-completion, which provides abstraction and automation over nmap. Although it started as a small side-project I developed in order to learn @golang, GoScan can now be used to perform host discovery, port scanning, and service...
Updated golang packages fix security vulnerability
Updated golang packages fix security vulnerabilities: Go before 1.9.4 allows "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked CVE-2018-6574...
CVE-2018-6574
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked...
Command injection
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked...
CVE-2018-6574
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before 1.10rc2 are vulnerable to remote command execution during source build via the go get workflow, by not blocking -fplugin/ -plugin usage in gcc/clang backends. A remote attacker hosting malicious repositories could trigger arb...
CVE-2018-6574
Removed by vendor...
CVE-2018-6574
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked...
CVE-2018-6574
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked...