Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection.
https://github.com/golang/go/issues/42559
https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM
https://lists.apache.org/thread.html/[email protected]%3Cissues.trafficcontrol.apache.org%3E
Source: MITRE
Published: 2020-11-18
Updated: 2020-12-16
Type: CWE-94
Base Score: 5.1
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 4.9
Severity: MEDIUM
Base Score: 7.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 1.6
Severity: HIGH
ID | Name | Product | Family | Severity |
---|---|---|---|---|
148062 | EulerOS 2.0 SP5 : golang (EulerOS-SA-2021-1678) | Nessus | Huawei Local Security Checks | medium |
147555 | EulerOS Virtualization 3.0.6.6 : golang (EulerOS-SA-2021-1480) | Nessus | Huawei Local Security Checks | medium |
145933 | CentOS 8 : go-toolset:rhel8 (CESA-2020:5493) | Nessus | CentOS Local Security Checks | medium |
145749 | EulerOS 2.0 SP8 : golang (EulerOS-SA-2021-1144) | Nessus | Huawei Local Security Checks | medium |
144999 | Amazon Linux AMI : golang (ALAS-2021-1471) | Nessus | Amazon Linux Local Security Checks | medium |
144801 | Amazon Linux 2 : golang (ALAS-2021-1578) | Nessus | Amazon Linux Local Security Checks | medium |
144699 | EulerOS 2.0 SP9 : golang (EulerOS-SA-2021-1025) | Nessus | Huawei Local Security Checks | medium |
144686 | EulerOS : golang (EulerOS-SA-2021-1006) | Nessus | Huawei Local Security Checks | medium |
144562 | Oracle Linux 8 : go-toolset:ol8 (ELSA-2020-5493) | Nessus | Oracle Linux Local Security Checks | medium |
144460 | Amazon Linux AMI : golang (ALAS-2020-1471) (deprecated) | Nessus | Amazon Linux Local Security Checks | medium |
144407 | RHEL 8 : go-toolset:rhel8 (RHSA-2020:5493) | Nessus | Red Hat Local Security Checks | medium |
144315 | Fedora 32 : golang (2020-e971480183) | Nessus | Fedora Local Security Checks | medium |
144064 | Photon OS 3.0: Go PHSA-2020-3.0-0173 | Nessus | PhotonOS Local Security Checks | medium |
143660 | SUSE SLED15 / SLES15 Security Update : go1.15 (SUSE-SU-2020:3368-1) | Nessus | SuSE Local Security Checks | medium |
143648 | SUSE SLED15 / SLES15 Security Update : go1.14 (SUSE-SU-2020:3369-1) | Nessus | SuSE Local Security Checks | medium |
143469 | RHEL 7 : go-toolset-1.14-golang (RHSA-2020:5333) | Nessus | Red Hat Local Security Checks | medium |
143457 | openSUSE Security Update : go1.15 (openSUSE-2020-2139) | Nessus | SuSE Local Security Checks | medium |
143337 | openSUSE Security Update : go1.14 (openSUSE-2020-2047) | Nessus | SuSE Local Security Checks | medium |
143311 | openSUSE Security Update : go1.14 (openSUSE-2020-2067) | Nessus | SuSE Local Security Checks | medium |
143188 | Fedora 33 : golang (2020-864922e78a) | Nessus | Fedora Local Security Checks | medium |
142883 | FreeBSD : go -- math/big: panic during recursive division of very large numbers; cmd/go: arbitrary code execution at build time through cgo (db4b2f27-252a-11eb-865c-00155d646400) | Nessus | FreeBSD Local Security Checks | medium |