CVE-2023-24531 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-24531 PUBLISHED

Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a shell script can cause various bad bahaviors, including executing arbitrary commands or inserting new environment variables. This issue is relatively minor because, in general, if an attacker can set arbitrary environment variables on a system, they have better attack vectors than making "go env" print them out.

EPSS 0.48% · 64.9th percentile

Risk Scores

EPSS Score

0.48%

64.9th percentile

Affected Products

Vendor	Product	Versions
Bitnami	golang	0
Bitnami	golang	0

Timeline

Jul 2, 2024 CVE Published
Jul 3, 2024 EPSS Score
Jul 25, 2024 EPSS Score
Aug 15, 2024 EPSS Score
Sep 6, 2024 EPSS Score
Sep 28, 2024 EPSS Score
Nov 10, 2024 EPSS Score
Dec 3, 2024 EPSS Score
Dec 25, 2024 EPSS Score
Jan 15, 2025 EPSS Score
Feb 6, 2025 EPSS Score
Feb 28, 2025 EPSS Score

References

Open in Interactive Console →