BIT-golang-2023-29402

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/golang/BIT-golang-2023-29402.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-golang-2023-29402
Aliases
Published
2024-03-06T10:55:47.592Z
Modified
2024-12-16T07:39:10.890Z
Summary
[none]
Details

The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected).

Database specific
{
    "cpes": [
        "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*"
    ],
    "severity": "Critical"
}
References

Affected packages

Bitnami / golang

Package

Name
golang
Purl
pkg:bitnami/golang

Severity

  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.19.10
Introduced
1.20.0
Fixed
1.20.5