45 matches found
CVE-2025-48938 Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server
go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URL...
go-gh 安全漏洞
go-gh is a collection of Go modules open sourced from the GitHub CLI. It is used to interact with gh and GitHub APIs from the command line. A security vulnerability exists in go-gh versions prior to 2.12.1, which stems from an attacker-controlled GitHub Enterprise Server could lead to the executi...
CVE-2024-24787
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -ltolibrary flag in a "cgo LDFLAGS" directive...
Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack
Cybersecurity researchers have discovered three malicious Go modules that include obfuscated code to fetch next-stage payloads that can irrevocably overwrite a Linux system's primary disk and render it unbootable. The names of the packages are listed below - github.com/truthfulpharm/prototransfor...
PT-2025-5698 · Wasmvm · Wasmvm
Name of the Vulnerable Software and Affected Versions: wasmvm versions 2.2.0 through 2.2.1 wasmvm versions 2.1.0 through 2.1.4 wasmvm versions 2.0.0 through 2.0.5 wasmvm versions prior to 1.5.8 Description: The issue can be used to crash the chain and is present on both permissioned and...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to several issues due to go modules used in nginx ( CVE-2023-24532, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723 )
Summary Nginx is used by IBM Cloud Pak for Data as part of the web interface. CVE-2023-24532, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723. Vulnerability Details CVEID:CVE-2023-24532 DESCRIPTION: An unspecified error with return an incorrect result in the ScalarMult and ScalarBaseMult methods o...
SUSE CVE-2024-24787
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -ltolibrary flag in a "cgo LDFLAGS" directive...
golang: cmd/go: Protocol Fallback when fetching modules
A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure "git://" if trying to fetch a .git module that has no "https://" or "git+ssh://" available...
[SECURITY] Fedora 38 Update: golang-x-mod-0.14.0-1.fc38
This packages holds packages for writing tools that work directly with Go mod ule mechanics. That is, it is for direct manipulation of Go modules themselves...
Fedora: Security Advisory (FEDORA-2024-fb32950d11)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OESA-2023-1935 golang security update
. Security Fixes: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of...
SUSE CVE-2023-45285
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...
DEBIAN-CVE-2023-45285
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...
UBUNTU-CVE-2023-45285
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...
grafana-pcp security and enhancement update
5.1.1-1 - update to 5.1.1 tagged upstream community sources, see CHANGELOG - resolve CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY 5.0.0-4 - update to 5.0.0 tagged upstream community sources, see CHANGELOG - install plugin in /usr/share and create symlink from /var...
CVE-2022-45155
An Improper Handling of Exceptional Conditions vulnerability in obs-service-gomodules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-gomodules versio...
openSUSE 安全漏洞
openSUSE is a suite of Linux-based free operating systems and open source community projects from the German company SUSE. A security vulnerability exists in SUSE openSUSE Factory obs-service-gomodules versions prior to 0.6.1, which stems from a vulnerability that allows an attacker to delete fil...
traefik -- Use of vulnerable Go modules net/http, net/textproto
The Go project reports: HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially...
SUSE CVE-2022-45155
An Improper Handling of Exceptional Conditions vulnerability in obs-service-gomodules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-gomodules versio...
[SECURITY] Fedora 36 Update: golang-x-mod-0.6.0~dev-4.20220330git9b9b3d8.fc36
This packages holds packages for writing tools that work directly with Go mod ule mechanics. That is, it is for direct manipulation of Go modules themselves...