5.1
CVSSv2

CVE-2020-28366

Published: 18/11/2020 Updated: 02/12/2020
CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9
CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Summary

Go prior to 1.14.12 and 1.15.x prior to 1.15.5 allows Code Injection.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

golang go

fedoraproject fedora 33

Vendor Advisories

Synopsis Moderate: go-toolset-114-golang security update Type/Severity Security Advisory: Moderate Topic An update for go-toolset-114-golang is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scor ...
A flaw was found in go beforer 1155 where the go command may execute arbitrary code at build time when cgo is in use This may occur when running go get on a malicious package, or any other command that builds untrusted code ...
Arch Linux Security Advisory ASA-202011-16 ========================================== Severity: High Date : 2020-11-17 CVE-ID : CVE-2020-28362 CVE-2020-28366 CVE-2020-28367 Package : go Type : multiple issues Remote : Yes Link : securityarchlinuxorg/AVG-1278 Summary ======= The package go before version 2:1155-1 is vulnera ...