Lucene search
K

144 matches found

NVD
NVD
added 2025/07/29 10:15 p.m.6 views

CVE-2025-4674

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...

8.6CVSS0.00273EPSS
Exploits0References5
OSV
OSV
added 2025/07/29 10:15 p.m.5 views

AZL-66098 CVE-2025-4674 affecting package golang for versions less than 1.18.8-10

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...

8.6CVSS7.3AI score0.00273EPSS
Exploits0References1
OSV
OSV
added 2025/07/29 10:15 p.m.5 views

AZL-66101 CVE-2025-4674 affecting package golang for versions less than 1.22.7-5

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...

8.6CVSS7.3AI score0.00273EPSS
Exploits0References1
OSV
OSV
added 2025/07/29 10:15 p.m.5 views

UBUNTU-CVE-2025-4674

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...

8.6CVSS6.7AI score0.00273EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/07/29 9:19 p.m.2 views

CVE-2025-4674 Unexpected command execution in untrusted VCS repositories in cmd/go

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...

6.8AI score0.00273EPSS
Exploits0References4
CVE
CVE
added 2025/07/29 9:19 p.m.135 views

CVE-2025-4674

CVE-2025-4674 affects the Go toolchain (cmd/go) and its handling of VCS metadata. The issue arises when the Go command operates in untrusted VCS repositories that contain metadata from a different VCS, potentially enabling unexpected command execution. The affected component is the Go toolchain i...

8.6CVSS6.7AI score0.00273EPSS
Exploits0References5Affected Software1
Debian CVE
Debian CVE
added 2025/07/29 9:19 p.m.3 views

CVE-2025-4674

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...

8.6CVSS6.6AI score0.00273EPSS
Exploits0
Cvelist
Cvelist
added 2025/07/29 9:19 p.m.10 views

CVE-2025-4674 Unexpected command execution in untrusted VCS repositories in cmd/go

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...

0.00273EPSS
Exploits0References4
OSV
OSV
added 2025/07/29 9:2 p.m.3 views

GO-2025-3828 Unexpected command execution in untrusted VCS repositories in cmd/go

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...

8.6CVSS6.6AI score0.00273EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/07/23 12:0 a.m.4 views

Fedora 41 : golang (2025-ef6e0fa117)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-ef6e0fa117 advisory. go1.23.11 released 2025-07-08 includes security fixes to the go command, as well as bug fixes to the compiler, the linker, and the runtime. See the issue...

5.6AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/07/08 11:35 p.m.3 views

SUSE CVE-2025-4674

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...

8.6CVSS7.5AI score0.00273EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2025/04/23 12:0 a.m.9 views

Fedora 40 : golang (2025-f974cb8ce5)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-f974cb8ce5 advisory. Includes security fixes to the net/http package, as well as bug fixes to the runtime and the go command. Full changelog. Tenable has extracted the...

9.1CVSS7.3AI score0.01001EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.17 views

Linux Distros Unpatched Vulnerability : CVE-2023-29402

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This...

9.8CVSS6.8AI score0.01708EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2018-16874

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Go before 1.10.6 and 1.11.x before 1.11.3, the go get command is vulnerable to directory traversal when executed with the import path of a malicious Go packa...

8.1CVSS7.2AI score0.05039EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 11:7 a.m.31 views

BIT-GOLANG-2020-28366 Arbitrary code execution in go command with cgo in cmd/go and cmd/cgo

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file...

7.5CVSS8.1AI score0.02244EPSS
Exploits0References6
OSV
OSV
added 2024/03/06 11:7 a.m.28 views

BIT-GOLANG-2020-28367 Arbitrary code execution via the go command with cgo in cmd/go

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a cgo directive...

7.5CVSS8.2AI score0.02369EPSS
Exploits0References7
OSV
OSV
added 2024/03/06 10:55 a.m.35 views

BIT-GOLANG-2023-29404 Improper handling of non-optional LDFLAGS in go command with cgo in cmd/go

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. The arguments for a...

9.8CVSS9.1AI score0.01837EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2024/01/16 12:0 a.m.22 views

EulerOS 2.0 SP10 : golang (EulerOS-SA-2023-2810)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The encoding/xml package in Go all versions does not correctly preserve the semantics of attribute namespace prefixes during tokenization...

9.8CVSS7.5AI score0.02081EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2023/12/15 12:0 a.m.6 views

Fedora 39 : golang (2023-e57f5a2301)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-e57f5a2301 advisory. This release includes security fixes to the go command, and the net/http and path/filepath packages, as well as bug fixes to the compiler and the go command...

5.6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/12/14 12:0 a.m.12 views

Fedora 38 : golang (2023-ace2655259)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-ace2655259 advisory. This release includes security fixes to the go command, and the net/http and path/filepath packages, as well as bug fixes to the compiler and the go command...

5.6AI score
Exploits0References1
Rows per page
Query Builder