Directory Traversal Vulnerability in Go Programming Language
CVE-2018-16874

6.8MEDIUM

Key Information:

Vendor

[unknown]

Status
Golang
Vendor
CVE Published:
14 December 2018

What is CVE-2018-16874?

In specific versions of the Go programming language, the 'go get' command is susceptible to a directory traversal vulnerability. This occurs when the '-import path-' includes a malicious Go package that contains curly braces, enabling an attacker to execute arbitrary file system writes in GOPATH mode. This security flaw can potentially lead to code execution, posing significant risks for users and developers relying on proper package management.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

golang 1.10.6

golang 1.11.3

References

https://security.gentoo.org/glsa/201812-09
vendor-advisoryx_refsource_GENTOO
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16874
x_refsource_CONFIRM
http://www.securityfocus.com/bid/106228
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.