---

CVE-2020-28367 - log back

CVE-2020-28367 edited at 12 Nov 2020 22:45:13
Severity	- Medium + High
Remote	- Local + Remote

CVE-2020-28367 edited at 12 Nov 2020 22:45:05
Severity	- Unknown + Medium
Remote	- Unknown + Local
Type	- Unknown + Arbitrary code execution
Description	+ A flaw was found in go before 1.15.5 where the go command may execute arbitrary code at build time when cgo is in use. This may occur when running go get on a malicious package, or any other command that builds untrusted code.
References	+ https://github.com/golang/go/issues/42558 + https://github.com/golang/go/commit/ec06b6d6be568ce1591d91a0ea4f14c190d06605
Notes

CVE-2020-28367 created at 12 Nov 2020 22:16:12