Main
Vulnerability Database
Exploits
ID:7903 - Exploit for Command injection in Go programming language - CVE-2018-6574
ID:7903 - Exploit for Command injection in Go programming language - CVE-2018-6574
Published: May 27, 2022
Vulnerability identifier: #VU12162
Vulnerability risk: Low
CVE-ID: CVE-2018-6574
CWE-ID: CWE-77
Exploitation vector: Remote access
Vulnerable software:
Go programming language
Go programming language
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The weakness exists due to "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked. A remote attacker can execute arbitrary commands.
The weakness exists due to "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked. A remote attacker can execute arbitrary commands.
Remediation
Update to versions 1.8.7, 1.9.4 or 1.10rc2.