Vulnerability identifier: #VU62037
Vulnerability risk: Low
Exploitation vector: Network
Exploit availability: Yes
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists within cmd/go, which can misinterpret branch names that falsely appear to be version tags. This can lead to a situation where an attacker can bypass implemented security restrictions and perform restricted actions, e.g. create tags when access was granted to create branches only.
Install updates from vendor's website.
Vulnerable software versions
Go programming language: 1.17 - 1.17.6, 1.16 - 1.16.13
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?