golang.org/x/tools/gopls: golang: gopls: Arbitrary code execution due to insecure network binding
A flaw was found in gopls. When started with -listen using a hostless address for example :8080 or with -port, the language server binds to 0.0.0.0 instead of localhost, exposing the debug interface to the local network and allowing arbitrary code execution by a malicious party on the same networ...