github.com/bits-and-blooms/bloom is vulnerable to Remote Code Execution (RCE). The library depends on another library but references it by an old URL (github.com/GoASTScanner/gas), which leads to dependency confusion. An attacker can register the old GitHub username and upload malicious code to the old repository namespace, allowing a remote attacker to execute malicious code.
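
A defensive check for the stale reference described above, as an added example that is not code from the bloom project: it scans build-file or source text for the old path github.com/GoASTScanner/gas. The function name `StaleRefs` and the Makefile-style sample input are assumptions constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// stalePath is the old repository path named in the advisory.
const stalePath = "github.com/goastscanner/gas" // lower-cased for matching

// sample is constructed input (not taken from the bloom repository).
const sample = `deps:
	go get github.com/GoASTScanner/gas
	go get github.com/goastscanner/gas/cmd/gas@latest
	go get github.com/GoASTScanner/gasoline
	go get github.com/example/othertool
`

// isNameChar reports whether c can continue an owner or repository name.
func isNameChar(c byte) bool {
	return c == '-' || c == '_' || (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z')
}

// StaleRefs returns the 1-based line numbers in content that reference stalePath.
// Matching is case-insensitive, since GitHub resolves owner and repository names
// that way, and respects name boundaries: ".../gas/cmd/gas" and ".../gas.git"
// match, ".../gasoline" does not.
func StaleRefs(content string) []int {
	var hits []int
	sc := bufio.NewScanner(strings.NewReader(content))
	for n := 1; sc.Scan(); n++ {
		line := strings.ToLower(sc.Text())
		for from := 0; from < len(line); {
			i := strings.Index(line[from:], stalePath)
			if i < 0 {
				break
			}
			start, end := from+i, from+i+len(stalePath)
			if (start == 0 || !isNameChar(line[start-1])) && (end == len(line) || !isNameChar(line[end])) {
				hits = append(hits, n)
				break
			}
			from = end
		}
	}
	return hits
}

func main() { fmt.Println("lines referencing the stale path:", StaleRefs(sample)) }
```

Run it over the contents of `go.mod`, `go.sum`, Makefiles and CI scripts; any hit is a reference that should be repointed to the dependency's current location and pinned.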