Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-01-26T02:14:51
Updated: 2024-08-03T16:45:51.223Z
Reserved: 2021-01-11T00:00:00
Link: CVE-2021-3115
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-01-26T18:16:27.630
Modified: 2024-11-21T06:20:54.910
Link: CVE-2021-3115
Redhat