CVE-2023-39320
PUBLISHED
The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules downloaded directly using VCS software.
Risk Scores
EPSS Score: 0.80% (74.3th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | golang | 1.21.0 |
Timeline
- Sep 6, 2023 CVE Published
- Sep 9, 2023 EPSS Score
- Oct 11, 2023 EPSS Score
- Dec 15, 2023 EPSS Score
- Jan 17, 2024 EPSS Score
- Feb 18, 2024 EPSS Score
- Apr 23, 2024 EPSS Score
- May 26, 2024 EPSS Score
- Jun 27, 2024 EPSS Score
- Aug 31, 2024 EPSS Score
- Oct 3, 2024 EPSS Score
- Nov 4, 2024 EPSS Score
References
- https://go.dev/cl/526158
- https://go.dev/issue/62198
- https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ
- https://pkg.go.dev/vuln/GO-2023-2042
- https://security.gentoo.org/glsa/202311-09
- https://security.netapp.com/advisory/ntap-20231020-0004/
- https://nvd.nist.gov/vuln/detail/CVE-2023-39320
- Multiple vulnerabilities in VMware Tanzu Greenplum (advisory)