8.1 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
34.9%
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.
groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
security.gentoo.org/glsa/202208-02
security.netapp.com/advisory/ntap-20220225-0006/
www.oracle.com/security-alerts/cpujul2022.html