Vulnerabilities > Golang > GO > 1.7.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-12-14 | CVE-2018-16873 | Improper Input Validation vulnerability in multiple products In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. | 8.1 |
2018-02-16 | CVE-2018-7187 | OS Command Injection vulnerability in multiple products The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site. | 9.3 |
2018-02-07 | CVE-2018-6574 | Code Injection vulnerability in multiple products Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked. | 7.8 |
2017-10-05 | CVE-2017-15042 | Cleartext Transmission of Sensitive Information vulnerability in Golang GO An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. | 4.3 |
2017-10-05 | CVE-2017-15041 | Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. | 7.5 |
2017-10-05 | CVE-2017-1000098 | Uncontrolled File Descriptor Consumption vulnerability in Golang GO The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. | 7.5 |
2017-10-05 | CVE-2017-1000097 | Improper Certificate Validation vulnerability in Golang GO On Darwin, user's trust preferences for root certificates were not honored. | 7.5 |
2017-07-06 | CVE-2017-8932 | Incorrect Calculation vulnerability in multiple products A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. | 5.9 |