CVE-2020-28367 log

Source
Severity High
Remote Yes
Type Arbitrary code execution
Description
A flaw was found in go before 1.15.5 where the go command may execute arbitrary code at build time when cgo is in use. This may occur when running go get on a malicious package, or any other command that builds untrusted code.
Group Package Affected Fixed Severity Status Ticket
AVG-1278 go 2:1.15.4-1 2:1.15.5-1 High Fixed
Date Advisory Group Package Severity Type
17 Nov 2020 ASA-202011-16 AVG-1278 go High multiple issues
References
https://github.com/golang/go/issues/42558
https://github.com/golang/go/commit/ec06b6d6be568ce1591d91a0ea4f14c190d06605