Google Go Code Execution Vulnerability

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A code execution vulnerability exists in Google Go due to unsafe handling of compiler flags in CgoPkgConfig. An attacker can exploit the vulnerability to execute arbitrary code on...

Google Go 安全漏洞

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A code execution vulnerability exists in Google Go due to unsafe handling of compiler flags in CgoPkgConfig. An attacker can exploit the vulnerability to execute arbitrary code on...

EUVD-2024-39636

Malicious code in bioql PyPI...

EUVD-2023-43055

Malicious code in bioql PyPI...

CVE-2024-42476

In the OAuth library for nim prior to version 0.11, the Authorization Code grant and Implicit grant both rely on the state parameter to prevent cross-site request forgery CSRF attacks where a resource owner might have their session associated with protected resources belonging to an attacker. Whe...

CVE-2024-42476

CVE-2024-42476 affects the Nim OAuth library prior to v0.11. The Authorization Code and Implicit flows rely on the state parameter to prevent CSRF, but when compiled with certain flags the state check can be bypassed. Version 0.11 fixes this by using a proper state validation (regular if or doAss...

CVE-2024-42476 oauth CSRF vulnerability

In the OAuth library for nim prior to version 0.11, the Authorization Code grant and Implicit grant both rely on the state parameter to prevent cross-site request forgery CSRF attacks where a resource owner might have their session associated with protected resources belonging to an attacker. Whe...

oauth 安全漏洞

oauth is an oauth library for nim by individual developer Yoshihiro Tanaka. A security vulnerability exists in versions prior to oauth 0.11, which stems from the use of certain compiler flags to compile projects where the state parameter may not be checked, leaving it vulnerable to cross-site...

Security Bulletin: Vulnerability in Go affect Cloud Pak System [CVE-2023-39323]

Summary Vulnerability in Golang Go affect Cloud Pak System. Vulnerability Details CVEID:CVE-2023-39323 DESCRIPTION: Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by improper enforcement of line directive restrictions in the "//go:cgo" directives. By...

openSUSE 15 Security Update : cJSON (openSUSE-SU-2024:0139-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0139-1 advisory. - Update to 1.7.18: CVE-2024-31755: NULL pointer dereference via cJSONSetValuestring boo1223420 Remove non-functional list handling of compiler...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.20-openssl (SUSE-SU-2023:4472-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4472-1 advisory. - Line directives //line can be used to bypass the restrictions on //go:cgo directives, allowing...

Amazon Linux 2 : golang (ALAS-2023-2313)

The version of golang installed on the remote host is prior to 1.20.10-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2313 advisory. 2024-01-03: CVE-2023-39319 was added to this advisory. 2023-10-30: CVE-2023-39318 was added to this advisory. The...

Arbitrary Code Execution

github.com/golang/go is vulnerable to Arbitrary Code Execution. The vulnerability exists in the isCgoGeneratedFile function at noder.go due to line directives allowing blocked linker and compiler flags to be passed during compilation, which can result in arbitrary code execution when running go...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.20 (SUSE-SU-2023:4018-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4018-1 advisory. - Line directives //line can be used to bypass the restrictions on //go:cgo directives, allowing blocked...

CVE-2023-39323

Line directives "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of...

CVE-2023-39323

CVE-2023-39323 affects golang (Go) where the //line directive can bypass //go:cgo_ restrictions, potentially enabling arbitrary code execution during go build. Connected advisories indicate affected golang packages across distributions with versions below patched releases (e.g., Mariner: < 1.2...

GO-2023-2095 Arbitrary code execution during build via line directives in cmd/go

Line directives "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of...

Exploit for Classic Buffer Overflow in Jerryscript

CVE-2023-36109 a poc for cve-2023-36109 request repo g...

SUSE CVE-2020-28367

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a cgo directive...

DEBIAN-CVE-2020-28367

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a cgo directive...