6 matches found
golang: cmd/go: go command may generate unexpected code at build time when using cgo
A flaw was found in golang. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program that uses cgo. This can occur when running an untrusted module that contains directories with newline characters in their names...
SUSE CVE-2018-16874
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces both '' and '' characters. Specifically, it is only vulnerable in GOPATH mode, but not in module mode th...
UBUNTU-CVE-2018-16874
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces both '' and '' characters. Specifically, it is only vulnerable in GOPATH mode, but not in module mode th...
CVE-2018-16873
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not ...
UBUNTU-CVE-2018-16873
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not ...
PT-2018-3478 · Go +2 · Go +2
Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.10.6 Go versions 1.11.x prior to 1.11.3 Description: The issue is related to the "go get" command and is caused by insufficient input validation, specifically when using the -u flag with a malicious import path. This ca...