CVE-2021-3115

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
OR cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*

History

07 Nov 2023, 03:37

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/', 'name': 'FEDORA-2021-e435a8bb88', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/ -

14 Sep 2022, 21:02

Type Values Removed Values Added
References (GENTOO) https://security.gentoo.org/glsa/202208-02 - (GENTOO) https://security.gentoo.org/glsa/202208-02 - Third Party Advisory

04 Aug 2022, 16:15

Type Values Removed Values Added
References
  • (GENTOO) https://security.gentoo.org/glsa/202208-02 -

03 May 2022, 16:04

Type Values Removed Values Added
CWE CWE-94 CWE-427

24 Feb 2021, 19:18

Type Values Removed Values Added
CPE cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/ - Third Party Advisory (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/ - Mailing List, Third Party Advisory
References (CONFIRM) https://security.netapp.com/advisory/ntap-20210219-0001/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20210219-0001/ - Third Party Advisory

19 Feb 2021, 13:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20210219-0001/ -

11 Feb 2021, 20:56

Type Values Removed Values Added
CWE CWE-77 CWE-94
CVSS v2 : 7.5
v3 : 9.8
v2 : 5.1
v3 : 7.5
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/ - Third Party Advisory
CPE cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

06 Feb 2021, 03:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/ -

02 Feb 2021, 17:33

Type Values Removed Values Added
References (CONFIRM) https://groups.google.com/g/golang-announce/c/mperVMGa98w - (CONFIRM) https://groups.google.com/g/golang-announce/c/mperVMGa98w - Release Notes, Third Party Advisory
References (CONFIRM) https://blog.golang.org/path-security - (CONFIRM) https://blog.golang.org/path-security - Vendor Advisory
CWE CWE-77
CPE cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 7.5
v3 : 9.8

26 Jan 2021, 18:16

Type Values Removed Values Added
New CVE

Information

Published : 2021-01-26 18:16

Updated : 2023-12-10 13:41


NVD link : CVE-2021-3115

Mitre link : CVE-2021-3115

CVE.ORG link : CVE-2021-3115


JSON object : View

Products Affected

golang

  • go

microsoft

  • windows

netapp

  • storagegrid
  • cloud_insights_telegraf_agent

fedoraproject

  • fedora
CWE
CWE-427

Uncontrolled Search Path Element