Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).
References
Link | Resource |
---|---|
https://blog.golang.org/path-security | Vendor Advisory |
https://groups.google.com/g/golang-announce/c/mperVMGa98w | Release Notes Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/ | |
https://security.gentoo.org/glsa/202208-02 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20210219-0001/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 03:37
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
14 Sep 2022, 21:02
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202208-02 - Third Party Advisory |
04 Aug 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 May 2022, 16:04
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-427 |
24 Feb 2021, 19:18
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/ - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20210219-0001/ - Third Party Advisory |
19 Feb 2021, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Feb 2021, 20:56
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-94 | |
CVSS |
v2 : v3 : |
v2 : 5.1
v3 : 7.5 |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/ - Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* |
06 Feb 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Feb 2021, 17:33
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://groups.google.com/g/golang-announce/c/mperVMGa98w - Release Notes, Third Party Advisory | |
References | (CONFIRM) https://blog.golang.org/path-security - Vendor Advisory | |
CWE | CWE-77 | |
CPE | cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
26 Jan 2021, 18:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-01-26 18:16
Updated : 2023-12-10 13:41
NVD link : CVE-2021-3115
Mitre link : CVE-2021-3115
CVE.ORG link : CVE-2021-3115
JSON object : View
Products Affected
golang
- go
microsoft
- windows
netapp
- storagegrid
- cloud_insights_telegraf_agent
fedoraproject
- fedora
CWE
CWE-427
Uncontrolled Search Path Element