← Back

CVE-2021-3115

nvd nist
Published: Jan 26, 2021Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.6 / Impact: 5.9
Source: NVD

Description

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).

Affected (5)

Golang
1 product
Go
Fedoraproject
1 product
Fedora
Netapp
2 products
Cloud Insights Telegraf Agent
Storagegrid
Configuration A
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Golang
Go
Before 1.14.14
Go
From 1.15 to 1.15.7
Running on/withPlatform Versions
Microsoft
Windows
All versions
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Fedora
Version 33
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Cloud Insights Telegraf Agent
All versions
Storagegrid
All versions

Related CWEs

CWE-427
Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (10)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Release NotesThird Party Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.