go has injection vulnerability. The vulnerability exists due to a lack of sanitization in Cmd.Start in os/exec allowing execution of any binaries in the working directory named either “…com” or “…exe” by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset.