CVE-2020-28367 log
Source |
|
Severity | High |
Remote | Yes |
Type | Arbitrary code execution |
Description | A flaw was found in go before 1.15.5 where the go command may execute arbitrary code at build time when cgo is in use. This may occur when running go get on a malicious package, or any other command that builds untrusted code. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-1278 | go | 2:1.15.4-1 | 2:1.15.5-1 | High | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
17 Nov 2020 | ASA-202011-16 | AVG-1278 | go | High | multiple issues |
References |
---|
https://github.com/golang/go/issues/42558 https://github.com/golang/go/commit/ec06b6d6be568ce1591d91a0ea4f14c190d06605 |