215 matches found
PT-2025-5822 · Bolt · Bolt
Name of the Vulnerable Software and Affected Versions: bolt affected versions not specified Description: The issue concerns a malicious module that attempts to take advantage of confusion with the github.com/boltdb/bolt module, acting as a typosquat. Recommendations: At the moment, there is no...
Backdrop CMS 1.27.1 Remote Command Execution
Exploit Title: Backdrop CMS 1.27.1 - Remote Command Execution RCE Date: 04/27/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://backdropcms.org/ Software Link: https://github.com/backdrop/backdrop/releases/download/1.27.1/backdrop.zip Version: latest Tested on: MacOS import os impor...
BIT-GOLANG-2023-29404 Improper handling of non-optional LDFLAGS in go command with cgo in cmd/go
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. The arguments for a...
BIT-GOLANG-2023-29405 Improper sanitization of LDFLAGS with embedded spaces in go command with cgo in cmd/go
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. Flags containing...
Malicious Module can change the policy commit of a Gnosis Safe console Account
Lines of code Vulnerability details Impact The overall design of the Gnosis safe allows for the addition of a Module, modules are smart contracts that extend the ability of the Gnosis safe, which means that a module can be setup in such a way that it can perform actions that is meant to improve t...
Arbitrary Code Execution
go is vulnerable to Arbitrary Code Execution. The vulnerability may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code because arguments for a number of flags which are non-optional are incorrectly considered optional, allowing...
Argument Injection
go is vulnerable to Argument Injection. Running "go get" or any intrusted code on a malicious module may execute arbitrary code at build time...
CVE-2023-29405
A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "cgo LDFLAGS"...
CVE-2023-29404
A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "cgo LDFLAGS"...
CVE-2023-29404
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. The arguments for a...
CVE-2023-29405
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. Flags containing...
DEBIAN-CVE-2023-29405
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. Flags containing...
AZL-37337 CVE-2023-29404 affecting package golang for versions less than 1.21.6-1
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. The arguments for a...
Command injection
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. Flags containing...
Command injection
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. The arguments for a...
UBUNTU-CVE-2023-29404
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. The arguments for a...
CVE-2023-29405 Improper sanitization of LDFLAGS with embedded spaces in go command with cgo in cmd/go
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. Flags containing...
CVE-2023-29405 Improper sanitization of LDFLAGS with embedded spaces in go command with cgo in cmd/go
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. Flags containing...
CVE-2023-29405
CVE-2023-29405 affects the Go toolchain when using cgo with the go command. The vulnerability arises from how linker flags are parsed in #cgo LDFLAGS, where flags containing embedded spaces can be smuggled through LDFLAGS sanitization, and this only affects the gccgo workflow. The impact is poten...
CVE-2023-29405
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. Flags containing...