CVE-2024-24787 affecting package msft-golang for versions less than 1.22.3
Details
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.