CVE-2021-3115

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:20

Type Values Removed Values Added
References () https://blog.golang.org/path-security - Vendor Advisory () https://blog.golang.org/path-security - Vendor Advisory
References () https://groups.google.com/g/golang-announce/c/mperVMGa98w - Release Notes, Third Party Advisory () https://groups.google.com/g/golang-announce/c/mperVMGa98w - Release Notes, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/ -
References () https://security.gentoo.org/glsa/202208-02 - Third Party Advisory () https://security.gentoo.org/glsa/202208-02 - Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20210219-0001/ - Third Party Advisory () https://security.netapp.com/advisory/ntap-20210219-0001/ - Third Party Advisory

07 Nov 2023, 03:37

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/', 'name': 'FEDORA-2021-e435a8bb88', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/ -

Information

Published : 2021-01-26 18:16

Updated : 2024-11-21 06:20


NVD link : CVE-2021-3115

Mitre link : CVE-2021-3115

CVE.ORG link : CVE-2021-3115


JSON object : View

Products Affected

golang

  • go

microsoft

  • windows

netapp

  • cloud_insights_telegraf_agent
  • storagegrid

fedoraproject

  • fedora
CWE
CWE-427

Uncontrolled Search Path Element