CVE-2018-12976

Published: Jul 5, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use specially crafted <go-import> tags in packages being fetched by gddo to cause a directory traversal and remote code execution.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[golang-announce] 20180703 [security] Severe vulnerability in github.com/golang/gddo

mailing-list

x_refsource_MLIST

https://github.com/golang/gddo/commit/daffe1f90ec57f8ed69464f9094753fc6452e983

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-12976

Description

Affected Products

References