7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
github.com/golang/go is vulnerable to improper access control. A remote attacker is able to exploit the vulnerability by imposing as an actor who is supposed to be creating branches but not tags, then tricking the library to misinterpret branch names that falsely appear to be version tags.
github.com/golang/go/commit/de76489a1b1cfce6b1258040c15b18ed97847758
github.com/golang/go/commit/fbcc30a2c9d076b27b4b411e2cec91ec13528081
github.com/golang/go/issues/35671
groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
security.gentoo.org/glsa/202208-02
security.netapp.com/advisory/ntap-20220225-0006/
www.oracle.com/security-alerts/cpujul2022.html
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N