750 matches found

RedHat Linux
added 2025/08/18 12:24 a.m. | 4 views

cmd/go: Go VCS Command Execution Vulnerability

A flaw was found in cmd/go. The go command can execute arbitrary commands when processing untrusted version control system (VCS) repositories containing malicious configuration. This issue occurs because the command interprets VCS metadata, potentially leading to unintended command execution. This...

CVSS 8.6 | AI score 6.4 | EPSS 0.00022
Exploits 0 | References 8

Tenable Nessus
added 2025/08/18 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-4674

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in...

CVSS 8.6 | AI score 6.8 | EPSS 0.00022
Exploits 0 | References 3

OSV
added 2025/08/18 12:0 a.m. | 3 views

ALSA-2025:13935 Important: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: Go VCS Command Execution Vulnerability (CVE-2025-4674). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages...

CVSS 8.6 | AI score 7.3 | EPSS 0.00022
Exploits 0 | References 4

OSV
added 2025/08/18 12:0 a.m. | 1 views

ALSA-2025:13941 Important: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: Go VCS Command Execution Vulnerability (CVE-2025-4674). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages...

CVSS 8.6 | AI score 7 | EPSS 0.00022
Exploits 0 | References 4

Tenable Nessus
added 2025/08/18 12:0 a.m. | 3 views

AlmaLinux 9 : golang (ALSA-2025:13935)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:13935 advisory. cmd/go: Go VCS Command Execution Vulnerability (CVE-2025-4674). Tenable has extracted the preceding description block directly from the AlmaLinux security advisory...

CVSS 8.6 | AI score 7.3 | EPSS 0.00022
Exploits 0 | References 3

Tenable Nessus
added 2025/08/18 12:0 a.m. | 2 views

AlmaLinux 8 : go-toolset:rhel8 (ALSA-2025:13940)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:13940 advisory. cmd/go: Go VCS Command Execution Vulnerability (CVE-2025-4674). Tenable has extracted the preceding description block directly from the AlmaLinux security advisory...

CVSS 8.6 | AI score 7.3 | EPSS 0.00022
Exploits 0 | References 3

AlmaLinux
added 2025/08/18 12:0 a.m. | 3 views

Important: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: Go VCS Command Execution Vulnerability (CVE-2025-4674). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages...

CVSS 8.6 | AI score 7.4 | EPSS 0.00022
Exploits 0 | References 4

Tenable Nessus
added 2025/08/17 12:0 a.m. | 2 views

RHEL 9 : golang (RHSA-2025:13939)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:13939 advisory. The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: Go VCS Command Execution Vulnerability (CVE-2025-4674). For...

CVSS 8.6 | AI score 7.4 | EPSS 0.00022
Exploits 0 | References 4

Redos
added 2025/08/14 12:0 a.m. | 2 views

ROS-20250814-04

Vulnerability in the mod_dav_svn module of the Subversion centralized version control system is related to a bug in the path-based authorization rule lookup. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service...

CVSS 7.5 | AI score 7 | EPSS 0.0161
Exploits 0

Redos
added 2025/08/08 12:0 a.m. | 4 views

ROS-20250808-06

A vulnerability in the Golang programming language is related to the handling of untrusted version control system (VCS) repositories that contain malicious configuration. Exploitation of the vulnerability could allow an...

CVSS 8.6 | AI score 6.7 | EPSS 0.00022
Exploits 0

Fedora
added 2025/08/03 1:16 a.m. | 5 views

[SECURITY] Fedora 42 Update: reposurgeon-5.3-1.fc42

Reposurgeon enables risky operations that version-control systems don't want to let you do, such as editing past comments and metadata and removing commits. It works with any version control system that can export and import git fast-import streams, including git, hg, fossil, bzr, CVS and RCS. It...

CVSS 4.4 | AI score 7.2 | EPSS 0.00032
Exploits 2

OSV
added 2025/07/29 10:15 p.m. | 1 views

DEBIAN-CVE-2025-4674

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS (e.g. Git), but contains metadata for another VCS (e.g. Mercurial)...

CVSS 8.6 | AI score 6.6 | EPSS 0.00022
Exploits 0 | References 1

OSV
added 2025/07/29 10:15 p.m. | 1 views

AZL-66101 CVE-2025-4674 affecting package golang for versions less than 1.22.7-5

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS (e.g. Git), but contains metadata for another VCS (e.g. Mercurial)...

CVSS 8.6 | AI score 7.3 | EPSS 0.00022
Exploits 0 | References 1

OSV
added 2025/07/29 10:15 p.m. | 1 views

AZL-66098 CVE-2025-4674 affecting package golang for versions less than 1.18.8-10

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS (e.g. Git), but contains metadata for another VCS (e.g. Mercurial)...

CVSS 8.6 | AI score 7.3 | EPSS 0.00022
Exploits 0 | References 1

OSV
added 2025/07/29 10:15 p.m. | 2 views

UBUNTU-CVE-2025-4674

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS (e.g. Git), but contains metadata for another VCS (e.g. Mercurial)...

CVSS 8.6 | AI score 6.7 | EPSS 0.00022
Exploits 0 | References 5

Vulnrichment
added 2025/07/29 9:19 p.m. | 1 views

CVE-2025-4674 Unexpected command execution in untrusted VCS repositories in cmd/go

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS (e.g. Git), but contains metadata for another VCS (e.g. Mercurial)...

AI score 6.8 | EPSS 0.00022
Exploits 0 | References 4

CVE
added 2025/07/29 9:19 p.m. | 112 views

CVE-2025-4674

CVE-2025-4674 affects the Go toolchain (cmd/go) and its handling of VCS metadata. The issue arises when the Go command operates in untrusted VCS repositories that contain metadata from a different VCS, potentially enabling unexpected command execution. The affected component is the Go toolchain i...

CVSS 8.6 | AI score 6.7 | EPSS 0.00022
Exploits 0 | References 5 | Affected Software 1

CNNVD
added 2025/07/29 12:0 a.m. | 1 views

Google Go Security Vulnerability

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google USA. A security vulnerability exists in Google Go that stems from the execution of unexpected commands in an untrusted VCS repository, which could lead to arbitrary code execution...

CVSS 8.6 | AI score 7.3 | EPSS 0.00022
Exploits 0 | References 5

OSV
added 2025/07/28 5:15 p.m. | 2 views

CVE-2025-54533

In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration...

CVSS 4.3 | AI score 5.8
Exploits 0 | References 1

CNNVD
added 2025/07/28 12:0 a.m. | 1 views

JetBrains TeamCity Security Vulnerability

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides features such as continuous unit testing, code quality analysis and build issue analysis reports. A security vulnerability exists in JetBrains TeamCity...

CVSS 4.3 | AI score 6.5 | EPSS 0.00003
Exploits 0 | References 2