3 matches found
Golang 1.23.x < 1.23.11 / 1.24.x < 1.24.5 Command Execution
The version of Golang running on the remote host is 1.23.x prior to 1.23.11, 1.24.x prior to 1.24.3. It is, therefore, affected by a command execution vulnerability as referenced in 74380 advisory. - Various uses of the Go toolchain in untrusted VCS repositories can result in unexpected code...
CVE-2023-29405
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. Flags containing...
Google Golang Get Command Injection (CVE-2018-7187)
A command injection vulnerability exists in the golang client. This vulnerability is due to insufficient sanitization of user input by the go get command...