144 matches found
CVE-2025-4674
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...
AZL-66098 CVE-2025-4674 affecting package golang for versions less than 1.18.8-10
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...
AZL-66101 CVE-2025-4674 affecting package golang for versions less than 1.22.7-5
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...
UBUNTU-CVE-2025-4674
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...
CVE-2025-4674 Unexpected command execution in untrusted VCS repositories in cmd/go
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...
CVE-2025-4674
CVE-2025-4674 affects the Go toolchain (cmd/go) and its handling of VCS metadata. The issue arises when the Go command operates in untrusted VCS repositories that contain metadata from a different VCS, potentially enabling unexpected command execution. The affected component is the Go toolchain i...
CVE-2025-4674
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...
CVE-2025-4674 Unexpected command execution in untrusted VCS repositories in cmd/go
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...
GO-2025-3828 Unexpected command execution in untrusted VCS repositories in cmd/go
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...
Fedora 41 : golang (2025-ef6e0fa117)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-ef6e0fa117 advisory. go1.23.11 released 2025-07-08 includes security fixes to the go command, as well as bug fixes to the compiler, the linker, and the runtime. See the issue...
SUSE CVE-2025-4674
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...
Fedora 40 : golang (2025-f974cb8ce5)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-f974cb8ce5 advisory. Includes security fixes to the net/http package, as well as bug fixes to the runtime and the go command. Full changelog. Tenable has extracted the...
Linux Distros Unpatched Vulnerability : CVE-2023-29402
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This...
Linux Distros Unpatched Vulnerability : CVE-2018-16874
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Go before 1.10.6 and 1.11.x before 1.11.3, the go get command is vulnerable to directory traversal when executed with the import path of a malicious Go packa...
BIT-GOLANG-2020-28366 Arbitrary code execution in go command with cgo in cmd/go and cmd/cgo
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file...
BIT-GOLANG-2020-28367 Arbitrary code execution via the go command with cgo in cmd/go
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a cgo directive...
BIT-GOLANG-2023-29404 Improper handling of non-optional LDFLAGS in go command with cgo in cmd/go
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. The arguments for a...
EulerOS 2.0 SP10 : golang (EulerOS-SA-2023-2810)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The encoding/xml package in Go all versions does not correctly preserve the semantics of attribute namespace prefixes during tokenization...
Fedora 39 : golang (2023-e57f5a2301)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-e57f5a2301 advisory. This release includes security fixes to the go command, and the net/http and path/filepath packages, as well as bug fixes to the compiler and the go command...
Fedora 38 : golang (2023-ace2655259)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-ace2655259 advisory. This release includes security fixes to the go command, and the net/http and path/filepath packages, as well as bug fixes to the compiler and the go command...