Lucene search
Ubuntu.comUB:CVE-2023-45285HistoryDec 06, 2023 - 12:00 a.m.
CVE-2023-45285
2023-12-0600:00:00
ubuntu.com
ubuntu.com
10
go language
module fetching
protocol security
module proxy
unix
Using go get to fetch a module with the โ.gitโ suffix may unexpectedly
fallback to the insecure โgit://โ protocol if the module is unavailable via
the secure โhttps://โ and โgit+ssh://โ protocols, even if GOINSECURE is not
set for said module. This only affects users who are not using the module
proxy and are fetching modules directly (i.e. GOPROXY=off).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 20.04 | noarch | golang-1.20 | <ย 1.20.3-1ubuntu0.1~20.04.1 | UNKNOWN |
| ubuntu | 22.04 | noarch | golang-1.20 | <ย 1.20.3-1ubuntu0.1~22.04.1 | UNKNOWN |
| ubuntu | 23.04 | noarch | golang-1.20 | <ย 1.20.3-1ubuntu0.2 | UNKNOWN |
| ubuntu | 23.10 | noarch | golang-1.20 | <ย 1.20.8-1ubuntu0.23.10.1 | UNKNOWN |
| ubuntu | 20.04 | noarch | golang-1.21 | <ย 1.21.1-1~ubuntu20.04.2 | UNKNOWN |
| ubuntu | 22.04 | noarch | golang-1.21 | <ย 1.21.1-1~ubuntu22.04.2 | UNKNOWN |
| ubuntu | 23.04 | noarch | golang-1.21 | <ย 1.21.1-1~ubuntu23.04.2 | UNKNOWN |
| ubuntu | 23.10 | noarch | golang-1.21 | <ย 1.21.1-1ubuntu0.23.10.1 | UNKNOWN |
References
github.com/golang/go/commit/23c943e5296c6fa3a6f9433bd929306c4dbf2aa3 (go1.21.5)
github.com/golang/go/commit/46bc33819ac86a9596b8059235842f0e0c7469bd (go1.20.12)
go.dev/issue/63845
launchpad.net/bugs/cve/CVE-2023-45285
nvd.nist.gov/vuln/detail/CVE-2023-45285
security-tracker.debian.org/tracker/CVE-2023-45285
ubuntu.com/security/notices/USN-6574-1
www.cve.org/CVERecord?id=CVE-2023-45285
Related
osv
osv
BIT-golang-2023-45285
2024-03-06 10:52:37
Command 'go get' may unexpectedly fallback to insecure git in cmd/go
2023-12-06 16:22:51
CVE-2023-45285
2023-12-06 17:15:07
cve
cve
CVE-2023-45285
2023-12-06 17:15:07
cgr
cgr
CVE-2023-45285 vulnerabilities
2024-05-19 03:07:16
prion
prion
Code injection
2023-12-06 17:15:00
redhatcve
redhatcve
CVE-2023-45285
2023-12-07 12:35:36
cvelist
cvelist
debiancve
debiancve
CVE-2023-45285
2023-12-06 17:15:07
veracode
veracode
Insecure Protocol Handling
2023-12-12 06:42:34
wolfi
wolfi
CVE-2023-45285 vulnerabilities
2024-05-29 03:07:31
cbl_mariner
cbl_mariner
CVE-2023-45285 affecting package golang for versions less than 1.21.6-1
2024-05-29 03:07:37
nessus
nessus
Oracle Linux 8 : go-toolset:ol8 (ELSA-2024-0887)
2024-02-23 00:00:00
AlmaLinux 8 : go-toolset:rhel8 (ALSA-2024:0887)
2024-02-22 00:00:00
RHEL 8 : go-toolset:rhel8 (RHSA-2024:0887)
2024-02-20 00:00:00
oraclelinux
oraclelinux
go-toolset:ol8 security update
2024-02-22 00:00:00
golang security update
2024-03-06 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1313)
2024-03-13 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1214)
2024-03-12 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1335)
2024-03-13 00:00:00
redhat
redhat
(RHSA-2024:1131) Moderate: golang security update
2024-03-05 15:32:14
(RHSA-2024:1041) Moderate: go-toolset-1.19-golang security update
2024-02-29 08:58:39
(RHSA-2024:0887) Moderate: go-toolset:rhel8 security update
2024-02-20 11:21:14
fedora
fedora
[SECURITY] Fedora 39 Update: golang-1.21.6-1.fc39
2024-01-20 03:24:19
ibm
ibm
Security Bulletin: There are vulnerabilities in Golang related packages that are shipped with IBM CICS TX Advanced (CVE-2023-45285 and CVE-2023-39326).
2024-03-19 12:03:05
almalinux
almalinux
Moderate: golang security update
2024-03-05 00:00:00
Moderate: go-toolset:rhel8 security update
2024-02-20 00:00:00
redos
redos
ROS-20240402-17
2024-04-02 00:00:00
mageia
mageia
Updated golang packages fix security vulnerabilities
2023-12-18 01:40:49
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0531
2023-12-22 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0176
2023-12-21 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0702
2023-12-21 00:00:00
ubuntu
ubuntu
Go vulnerabilities
2024-01-11 00:00:00