Vulnerabilities > Golang > GO > 1.9.5

DATE CVE VULNERABILITY TITLE RISK
2018-12-14 CVE-2018-16873 Improper Input Validation vulnerability in multiple products
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly.
network
high complexity
golang opensuse suse debian CWE-20
8.1
8.1