High severity7.8NVD Advisory· Published Feb 7, 2018· Updated Jun 17, 2026
CVE-2018-6574
CVE-2018-6574
Description
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9- osv-coords8 versionspkg:rpm/opensuse/go1.10&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/go1.11&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/go1.12&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/go1.9&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/go&distro=openSUSE%20Tumbleweedpkg:rpm/suse/go1.8&distro=SUSE%20Package%20Hub%2012pkg:rpm/suse/go1.9&distro=SUSE%20Package%20Hub%2012pkg:rpm/suse/go&distro=SUSE%20Package%20Hub%2012
< 1.10.8-8.2+ 7 more
- (no CPE)range: < 1.10.8-8.2
- (no CPE)range: < 1.11.13-10.5
- (no CPE)range: < 1.12.17-4.8
- (no CPE)range: < 1.9.7-11.2
- (no CPE)range: < 1.17-1.1
- (no CPE)range: < 1.8.7-5.1
- (no CPE)range: < 1.9.4-5.1
- (no CPE)range: < 1.9.4-15.1
Patches
Vulnerability mechanics
References
7- github.com/KINGSABRI/CVE-in-Ruby/tree/master/CVE-2018-6574nvdExploitThird Party Advisory
- access.redhat.com/errata/RHSA-2018:0878nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:1304nvdThird Party Advisory
- github.com/golang/go/issues/23672nvdIssue TrackingThird Party Advisory
- www.debian.org/security/2019/dsa-4380nvdThird Party Advisory
- groups.google.com/forum/nvd
- groups.google.com/forum/nvd
News mentions
0No linked articles in our index yet.