VDB
GCVE-VVD-MAGEIA-2025-205
GCVE-VVD-MAGEIA-2025-205
Advisory Published
Various uses of the Go toolchain in untrusted VCS repositories can
result in unexpected code execution. When using the Go toolchain
in directories fetched using various VCS tools (such as directly
cloning Git or Mercurial repositories) can cause the toolchain to
execute unexpected commands, if said directory contains multiple
VCS configuration metadata (such as a '.hg' directory in a Git
repository). This is due to how the Go toolchain attempts to resolve
which VCS is being used in order to embed build information in binaries
and determine module versions.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | golang | 0 (affected), 1.24.5-1.mga9 (unaffected) | — |
| AWS | config | — | — |
Browse GCVE Records
100 records in the GCVE database · Updated April 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.