---

CVE-2020-28366 - log back

CVE-2020-28366 edited at 12 Nov 2020 22:55:16
Severity	- Unknown + High
Remote	- Unknown + Remote
Type	- Unknown + Arbitrary code execution

CVE-2020-28366 edited at 12 Nov 2020 22:52:57
Description	+ A flaw was found in go beforer 1.15.5 where the go command may execute arbitrary code at build time when cgo is in use. This may occur when running go get on a malicious package, or any other command that builds untrusted code.
References	+ https://github.com/golang/go/issues/42562 + https://github.com/golang/go/commit/32159824698a82a174b60a6845e8494ae3243102
Notes

CVE-2020-28366 created at 12 Nov 2020 22:16:12