Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-01-26T02:14:51

Updated: 2024-08-03T16:45:51.223Z

Reserved: 2021-01-11T00:00:00

Link: CVE-2021-3115

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-01-26T18:16:27.630

Modified: 2024-11-21T06:20:54.910

Link: CVE-2021-3115

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-01-20T00:00:00Z

Links: CVE-2021-3115 - Bugzilla