VDB
GO-2021-0068
GO-2021-0068
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Arbitrary code injection via the go command with cgo on Windows in cmd/go
Risk Scores
CVSS v4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Go | toolchain | 0, 1.15.0-0, 0 |
Timeline
- Apr 14, 2021 CVE Published
- May 20, 2024 CVE Updated
References
- https://go.dev/cl/284783 patch
- https://go.googlesource.com/go/+/953d1feca9b21af075ad5fc8a3dad096d3ccc3a0 patch
- https://go.dev/issue/43783 report
- https://groups.google.com/g/golang-announce/c/mperVMGa98w/m/yo5W5wnvAAAJ url
- https://go.dev/cl/284780 patch
- https://go.googlesource.com/go/+/46e2e2e9d99925bbf724b12693c6d3e27a95d6a0 patch