Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).
References
Link | Resource |
---|---|
https://blog.golang.org/path-security | Vendor Advisory |
https://groups.google.com/g/golang-announce/c/mperVMGa98w | Release Notes Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/ | |
https://security.gentoo.org/glsa/202208-02 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20210219-0001/ | Third Party Advisory |
https://blog.golang.org/path-security | Vendor Advisory |
https://groups.google.com/g/golang-announce/c/mperVMGa98w | Release Notes Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/ | |
https://security.gentoo.org/glsa/202208-02 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20210219-0001/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 06:20
Type | Values Removed | Values Added |
---|---|---|
References | () https://blog.golang.org/path-security - Vendor Advisory | |
References | () https://groups.google.com/g/golang-announce/c/mperVMGa98w - Release Notes, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/ - | |
References | () https://security.gentoo.org/glsa/202208-02 - Third Party Advisory | |
References | () https://security.netapp.com/advisory/ntap-20210219-0001/ - Third Party Advisory |
07 Nov 2023, 03:37
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2021-01-26 18:16
Updated : 2024-11-21 06:20
NVD link : CVE-2021-3115
Mitre link : CVE-2021-3115
CVE.ORG link : CVE-2021-3115
JSON object : View
Products Affected
golang
- go
microsoft
- windows
netapp
- cloud_insights_telegraf_agent
- storagegrid
fedoraproject
- fedora
CWE
CWE-427
Uncontrolled Search Path Element