Lucene search

Veracode Vulnerability DatabaseVERACODE:5822

HistoryFeb 20, 2018 - 2:33 a.m.

Arbitrary Code Execution

2018-02-2002:33:12

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

github.com/golang/go is vulnerable to arbitrary code execution attacks. The library does not properly validate the import path when the -insecure flag is used for the go get command. This allows a malicious user to execute arbitrary commands through the use of a malicious website.

CPENameOperatorVersion
github.com/golang/goeqHEAD
github.com/golang/gole1.10.5
github.com/golang/goeqHEAD
github.com/golang/gole1.10.5

Name	Operator	Version
github.com/golang/go	eq	HEAD
github.com/golang/go	le	1.10.5
github.com/golang/go	eq	HEAD
github.com/golang/go	le	1.10.5

References

gist.github.com/SLAYEROWNER/b2a358f13ab267f2e9543bb9f9320ffc

github.com/golang/go/commit/1102616c772c262175f5ba5f12d6b574d0ad9101

github.com/golang/go/commit/c941e27e70c3e06e1011d2dd71d72a7a06a9bcbc

github.com/golang/go/issues/23867

lists.debian.org/debian-lts-announce/2018/02/msg00029.html

security.gentoo.org/glsa/201804-12

www.debian.org/security/2019/dsa-4379

www.debian.org/security/2019/dsa-4380

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

Related for VERACODE:5822