Lucene search
Veracode Vulnerability DatabaseVERACODE:5799HistoryFeb 08, 2018 - 4:38 a.m.
Arbitrary Code Execution
2018-02-0804:38:41
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.032 Low
EPSS
Percentile
91.2%
github.com/golang/go is vulnerable to arbitrary code execution attacks. The application does not filter the compiler flag variables -fplugin= and -plugin= when the go get command is run, allowing a malicious user to inject and execute arbitrary code by loading compiler plugins.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/golang/go | eq | HEAD | |
| github.com/golang/go | le | 1.8.6 | |
| github.com/golang/go | le | 1.10rc1 | |
| github.com/golang/go | le | 1.9.3 |
References
access.redhat.com/errata/RHSA-2018:0878
access.redhat.com/errata/RHSA-2018:1304
github.com/golang/go/issues/23672
github.com/KINGSABRI/CVE-in-Ruby/tree/master/CVE-2018-6574
groups.google.com/forum/#!topic/golang-nuts/Gbhh1NxAjMU
groups.google.com/forum/#!topic/golang-nuts/sprOaQ5m3Dk
www.debian.org/security/2019/dsa-4380
Related
openvas
openvas
Fedora Update for golang FEDORA-2018-6f08b79a09
2018-02-28 00:00:00
Mageia: Security Advisory (MGASA-2018-0144)
2022-01-28 00:00:00
Fedora Update for golang FEDORA-2018-5562b6e2c0
2018-02-21 00:00:00
cve
cve
CVE-2018-6574
2018-02-07 21:29:00
debiancve
debiancve
CVE-2018-6574
2018-02-07 21:29:00
mageia
mageia
Updated golang packages fix security vulnerability
2018-02-26 19:23:22
osv
osv
CVE-2018-6574
2018-02-07 21:29:00
Remote command execution via "go get" command with cgo in cmd/go
2022-08-09 18:15:41
golang-1.8 - security update
2019-02-01 00:00:00
nvd
nvd
CVE-2018-6574
2018-02-07 21:29:00
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2018-1.0-0117
2018-03-21 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2018-2.0-0026
2018-03-19 00:00:00
Important Photon OS Security Update - PHSA-2018-0117
2018-03-21 00:00:00
nessus
nessus
Fedora 27 : golang (2018-5562b6e2c0)
2018-02-21 00:00:00
Photon OS 1.0: Go PHSA-2018-1.0-0117
2019-02-07 00:00:00
RHEL 7 : go-toolset-7 and go-toolset-7-golang (RHSA-2018:1304)
2018-05-04 00:00:00
archlinux
archlinux
[ASA-201802-2] go: arbitrary code execution
2018-02-09 00:00:00
[ASA-201802-3] go-pie: arbitrary code execution
2018-02-09 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: golang-1.8.7-1.fc26
2018-02-27 16:57:44
[SECURITY] Fedora 27 Update: golang-1.9.4-1.fc27
2018-02-20 17:20:36
gentoo
gentoo
Go: User-assisted execution of arbitrary code
2018-03-07 00:00:00
redhat
redhat
redhatcve
redhatcve
CVE-2018-6574
2018-02-08 18:18:55
alpinelinux
alpinelinux
CVE-2018-6574
2018-02-07 21:29:00
veracode
veracode
Arbitrary Code Execution
2019-01-15 09:21:49
prion
prion
Command injection
2018-02-07 21:29:00
ubuntucve
ubuntucve
CVE-2018-6574
2018-02-07 00:00:00
cvelist
cvelist
CVE-2018-6574
2018-02-07 21:00:00
amazon
amazon
Medium: golang
2018-03-21 22:13:00
Medium: golang
2018-05-10 17:19:00
debian
debian
[SECURITY] [DSA 4380-1] golang-1.8 security update
2019-02-01 14:39:59
centos
centos
golang security update
2018-04-26 17:42:06