Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-03T16:45:51.223Z
Reserved: 2021-01-11T00:00:00
Link: CVE-2021-3115

No data.

Status : Modified
Published: 2021-01-26T18:16:27.630
Modified: 2024-11-21T06:20:54.910
Link: CVE-2021-3115


No data.