CVE-2023-24531
PUBLISHED
The go env command is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a shell script can cause various bad behaviors, including executing arbitrary commands or inserting new environment variables. This issue is relatively minor because, in general, if an attacker can set arbitrary environment variables on a system, they have better attack vectors than making "go env" print them out.
Risk Scores
EPSS Score: 0.60% (70.0th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | golang | 0 |
Exploit Intelligence
- .grype.yaml (github-poc)
Timeline
- Jul 2, 2024 CVE Published
- Jul 3, 2024 EPSS Score
- Jul 25, 2024 EPSS Score
- Aug 17, 2024 EPSS Score
- Sep 8, 2024 EPSS Score
- Sep 30, 2024 EPSS Score
- Nov 14, 2024 EPSS Score
- Dec 7, 2024 EPSS Score
- Dec 29, 2024 EPSS Score
- Jan 20, 2025 EPSS Score
- Feb 12, 2025 EPSS Score
- Mar 6, 2025 EPSS Score
References
- https://go.dev/cl/488375
- https://go.dev/cl/493535
- https://go.dev/issue/58508
- https://groups.google.com/g/golang-dev/c/ixHOFpSbajE/m/8EjlbKVWAwAJ
- https://pkg.go.dev/vuln/GO-2024-2962
- https://security.netapp.com/advisory/ntap-20250328-0005/
- https://nvd.nist.gov/vuln/detail/CVE-2023-24531
- Multiple vulnerabilities in VMware Tanzu (advisory)
- Multiple vulnerabilities in VMware products (advisory)