Lucene search

[email protected]NVD:CVE-2021-3115

HistoryJan 26, 2021 - 6:16 p.m.

CVE-2021-3115

2021-01-2618:16:27

CWE-427

[email protected]

web.nvd.nist.gov

command injection

remote code execution

windows

cgo

cve-2021-3115

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0.017

Percentile

87.9%

JSON

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the “go get” command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).

Affected configurations

Nvd

Node

microsoftwindowsMatch-

AND

golanggoRange<1.14.14

golanggoRange1.15–1.15.7

Node

fedoraprojectfedoraMatch33

Node

netappcloud_insights_telegraf_agentMatch-

netappstoragegridMatch-

VendorProductVersionCPE
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
golanggo*cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
fedoraprojectfedora33cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
netappcloud_insights_telegraf_agent-cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*
netappstoragegrid-cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
golang	go	*	cpe:2.3:a:golang:go::::::::
fedoraproject	fedora	33	cpe:2.3:o:fedoraproject:fedora:33:::::::*
netapp	cloud_insights_telegraf_agent	-	cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:::::::*
netapp	storagegrid	-	cpe:2.3:a:netapp:storagegrid:-:::::::*