2 matches found
golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the...
OESA-2022-1606 golang security update
The Go Programming Language. Security Fixes: cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.CVE-2022-23773...