golang: cmd/go: packages using cgo can cause arbitrary code execution at build time

A flaw was found in golang: cmd/go, in which Go can execute arbitrary commands at build time when cgo is in use on Windows OS. On Linux/Unix, only users who have "." listed explicitly in their PATH variable are affected. The highest threat from this vulnerability is to data confidentiality and...

PT-2009-6629 · Httpdx · Httpdx

Name of the Vulnerable Software and Affected Versions: httpdx versions 1.4.4 and earlier Description: The issue allows remote attackers to obtain the source code for a web page by appending a . dot character to the URI. Recommendations: For httpdx versions 1.4.4 and earlier, consider restricting...