7.9 High
AI Score
Confidence
High
0.017 Low
EPSS
Percentile
88.0%
The go command may execute arbitrary code at build time when using cgo on Windows. This can be triggered by running go get on a malicious module, or any other time the code is built.
go.dev/cl/284780
go.dev/cl/284783
go.dev/issue/43783
go.googlesource.com/go/+/46e2e2e9d99925bbf724b12693c6d3e27a95d6a0
go.googlesource.com/go/+/953d1feca9b21af075ad5fc8a3dad096d3ccc3a0
groups.google.com/g/golang-announce/c/mperVMGa98w/m/yo5W5wnvAAAJ