Poisoned Go programming language package lay undetected for 3 years

2025-02-04 17:28

Researcher says ecosystem's auto-caching is a net positive but presents exploitable quirks A security researcher says a backdoor masquerading as a legitimate Go programming language package used by thousands of organizations was left undetected for years.…

News URL

https://go.theregister.com/feed/www.theregister.com/2025/02/04/golang_supply_chain_attack/

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.