24 matches found
CVE-2025-61731
Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a...
UBUNTU-CVE-2025-61731
Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a...
EUVD-2023-43055
Malicious code in bioql PyPI...
Exploit for CVE-2024-32019
CVE-2024-32019-poc Netdata ndsudo PoC Build the binary: ba...
GHSA-F6MM-5FC7-3G3C goreleaser shows environment by default
Summary Since 4787 the log output is printed on the INFO level, while previously it was logged on DEBUG. This means if the go build output is non-empty, goreleaser leaks the environment. PoC Create a Go project with dependencies, do not pull them yet or run goreleaser later in a container, or...
goreleaser shows environment by default
Summary Since 4787 the log output is printed on the INFO level, while previously it was logged on DEBUG. This means if the go build output is non-empty, goreleaser leaks the environment. PoC Create a Go project with dependencies, do not pull them yet or run goreleaser later in a container, or...
AZL-40428 CVE-2024-24787 affecting package msft-golang for versions less than 1.22.3
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -ltolibrary flag in a "cgo LDFLAGS" directive...
Exploit for Injection in Atlassian Confluence_Data_Center
Executing Arbitrary Code In Confluence Memory CVE-2023-22527...
Amazon Linux 2 : golang (ALAS-2023-2313)
The version of golang installed on the remote host is prior to 1.20.10-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2313 advisory. 2024-01-03: CVE-2023-39319 was added to this advisory. 2023-10-30: CVE-2023-39318 was added to this advisory. The...
CVE-2023-39323
A flaw was found in the golang cmd/go standard library. A line directive "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to pass during compilation. This can result in the unexpected execution of arbitrary code when running "go...
SUSE CVE-2023-39323
Line directives "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of...
CVE-2023-39323
Line directives "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of...
DEBIAN-CVE-2023-39323
Line directives "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of...
CVE-2023-39323
CVE-2023-39323 affects golang (Go) where the //line directive can bypass //go:cgo_ restrictions, potentially enabling arbitrary code execution during go build. Connected advisories indicate affected golang packages across distributions with versions below patched releases (e.g., Mariner: < 1.2...
CVE-2023-39323
Line directives "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of...
CVE-2023-39323 Arbitrary code execution during build via line directives in cmd/go
Line directives "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of...
GO-2023-2095 Arbitrary code execution during build via line directives in cmd/go
Line directives "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of...
Xsubfind3R - A CLI Utility To Find Domain'S Known Subdomains From Curated Passive Online Sources
xsubfind3r is a command-line interface CLI utility to find domain's known subdomains from curated passive online sources. Features Fetches domains from curated passive sources to maximize results. Supports stdin and stdout for easy integration into workflows. Cross-Platform Windows, Linux & macOS...
DEBIAN-CVE-2023-29405
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. Flags containing...
AZL-37510 CVE-2023-29404 affecting package golang for versions less than 1.21.6-1
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. The arguments for a...