Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Go
Published: 2022-08-09T20:18:04
Updated: 2024-08-03T06:56:12.971Z
Reserved: 2022-05-11T00:00:00
Link: CVE-2022-30580
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-08-10T20:15:40.227
Modified: 2024-11-21T07:02:58.367
Link: CVE-2022-30580
Redhat