VDB
GCVE-110-MAGEIA-2018-89
GCVE-110-MAGEIA-2018-89
Advisory Published
An arbitrary command execution flaw was found in the way Go's "go get"
command handled the checkout of source code repositories. A remote
attacker capable of hosting malicious repositories could potentially use
this flaw to cause arbitrary command execution on the client side
(CVE-2017-15041).
It was found that smtp.PlainAuth authentication scheme in Go did not
verify the TLS requirement properly. A remote man-in-the-middle attacker
could potentially use this flaw to sniff SMTP credentials sent by a Go
application (CVE-2017-15042).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | tellico | 0 (affected), 3.0.2-1.2.mga6 (unaffected) | — |
| Mageia | golang | 0 (affected), 1.9.1-1.mga6 (unaffected), 0 (affected), 1.9.1-1.mga6 (unaffected) | — |
References
Browse GCVE Records
73,040 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.