CVE-2021-3115

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
OR cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*

History

07 Nov 2023, 03:37

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/', 'name': 'FEDORA-2021-e435a8bb88', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/ -

Information

Published : 2021-01-26 18:16

Updated : 2024-02-28 18:08


NVD link : CVE-2021-3115

Mitre link : CVE-2021-3115

CVE.ORG link : CVE-2021-3115


JSON object : View

Products Affected

netapp

  • cloud_insights_telegraf_agent
  • storagegrid

golang

  • go

microsoft

  • windows

fedoraproject

  • fedora
CWE
CWE-427

Uncontrolled Search Path Element