AI Score
Confidence
Low
EPSS
Percentile
84.1%
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.
go.dev/cl/269658
go.dev/issue/42559
go.googlesource.com/go/+/062e0e5ce6df339dc26732438ad771f73dbf2292
groups.google.com/g/golang-announce/c/NpBGTTmKzpM
pkg.go.dev/vuln/GO-2022-0475