DEBIAN-CVE-2021-3115

DEBIAN-CVE-2021-3115 PUBLISHED CVSS 7.5 HIGH

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:11	golang-1.15	0, 0, 0

Timeline

Jan 26, 2021 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2021-3115 advisory

Open in Interactive Console →