
GCVE-VVD-MAGEIA-2025-205

Advisory Published
Vulnetix · Advisory published July 11, 2025
Various uses of the Go toolchain in untrusted VCS repositories can result in unexpected code execution. When the Go toolchain is used in directories fetched using various VCS tools (such as directly cloning Git or Mercurial repositories), it can execute unexpected commands if the directory contains multiple VCS configuration metadata (such as a '.hg' directory in a Git repository). This is due to how the Go toolchain attempts to resolve which VCS is being used in order to embed build information in binaries and determine module versions.
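
A pre-build check for the condition described above, as an added example that is not part of the advisory or of the Go project: it walks a fetched checkout and reports every VCS metadata entry, so a build job can refuse to invoke `go` when more than one VCS kind is present. The function name, the marker names other than `.git` and `.hg`, and the choice to flag metadata anywhere in the tree are assumptions of this example.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// Metadata names and the VCS each indicates. The advisory names Git and
// Mercurial; the remaining entries are assumptions added for coverage.
var vcsMarkers = map[string]string{".git": "git", ".hg": "hg", ".svn": "svn",
	".bzr": "bzr", ".fslckout": "fossil", "_FOSSIL_": "fossil"}

// FindVCSMetadata walks root and returns every VCS metadata entry in the
// tree, grouped by VCS kind. More than one key means the checkout is mixed.
func FindVCSMetadata(root string) (map[string][]string, error) {
	found := map[string][]string{}
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, werr error) error {
		if werr != nil {
			return werr
		}
		kind, ok := vcsMarkers[d.Name()]
		if !ok {
			return nil
		}
		found[kind] = append(found[kind], p)
		if d.IsDir() {
			return filepath.SkipDir // do not descend into the metadata itself
		}
		return nil // ".git" may be a plain file (worktree or submodule)
	})
	return found, err
}

func main() {
	if len(os.Args) < 2 {
		fmt.Fprintln(os.Stderr, "usage: vcscheck <checkout-dir>")
		os.Exit(2)
	}
	found, err := FindVCSMetadata(os.Args[1])
	if err != nil || len(found) > 1 {
		fmt.Fprintln(os.Stderr, "mixed or unreadable checkout, not building:", found, err)
		os.Exit(1)
	}
}
```

The check is deliberately conservative: a nested checkout of a different VCS anywhere under the root is reported, and the caller decides whether that is expected.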

Affected Products

Vendor | Product | Versions | Platforms
Mageia | golang | 0 (affected), 1.24.5-1.mga9 (unaffected) |
AWSconfig
