Command Injection Vulnerability in Go on Windows Platforms
CVE-2021-3115

7.5HIGH

Key Information:

Vendor

Golang

Status
Go
Vendor
CVE Published:
26 January 2021

What is CVE-2021-3115?

A vulnerability exists in Go versions prior to 1.14.14 and in 1.15.x versions before 1.15.7 on Windows. This flaw arises when the 'go get' command is utilized for fetching modules that leverage cgo. It potentially allows command injection and remote code execution, as cgo can execute GCC or other commands from untrusted downloads. This puts developers and applications at risk if malicious modules are fetched inadvertently.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://groups.google.com/g/golang-announce/c/mperVMGa98w
x_refsource_CONFIRM
https://blog.golang.org/path-security
x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.