VDB

GCVE-110-MAGEIA-2018-89

GCVE-110-MAGEIA-2018-89
Advisory Published
Vulnetix · Advisory published January 21, 2018
An arbitrary command execution flaw was found in the way Go's "go get" command handled the checkout of source code repositories. A remote attacker capable of hosting malicious repositories could potentially use this flaw to cause arbitrary command execution on the client side (CVE-2017-15041). It was found that smtp.PlainAuth authentication scheme in Go did not verify the TLS requirement properly. A remote man-in-the-middle attacker could potentially use this flaw to sniff SMTP credentials sent by a Go application (CVE-2017-15042).

Affected Products

VendorProductVersionsPlatforms
Mageiatellico0 (affected), 3.0.2-1.2.mga6 (unaffected)
Mageiagolang0 (affected), 1.9.1-1.mga6 (unaffected), 0 (affected), 1.9.1-1.mga6 (unaffected)

Browse GCVE Records

73,040 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›