Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
18/11/2020
by Golang
4 months ago
by Netapp
2 years ago
by Netapp
2 years ago
by Debian
a month ago
by Fedoraproject
a month ago