QwikSec

Security Database

CVE

CWE

Training

CVE-2023-39320

Published: Sep 8, 2023

Modified: Feb 13, 2025

PUBLISHED

Description

The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules downloaded directly using VCS software.

Vendor	Product	Versions
Go toolchain	cmd/go	affected `1.21.0-0 - < 1.21.1`

References

https://go.dev/issue/62198

https://go.dev/cl/526158

https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ

https://pkg.go.dev/vuln/GO-2023-2042

https://security.netapp.com/advisory/ntap-20231020-0004/

https://security.gentoo.org/glsa/202311-09

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.