Go prior to 1.8.7, Go 1.9.x prior to 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
golang go 1.9 |
||
golang go 1.10 |
||
golang go 1.9.1 |
||
golang go 1.9.2 |
||
golang go 1.9.3 |
||
golang go |
||
debian debian linux 9.0 |
||
redhat enterprise linux server 7.0 |
||
redhat enterprise linux server tus 7.6 |
||
redhat enterprise linux server eus 7.6 |
||
redhat enterprise linux server aus 7.6 |