Unrated severity · NVD Advisory · Published Feb 7, 2018 · Updated Aug 5, 2024
CVE-2018-6574
Description
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
Affected products
- osv-coords (8 versions):
  - pkg:rpm/opensuse/go1.10&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/go1.11&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/go1.12&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/go1.9&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/go&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/go1.8&distro=SUSE%20Package%20Hub%2012
  - pkg:rpm/suse/go1.9&distro=SUSE%20Package%20Hub%2012
  - pkg:rpm/suse/go&distro=SUSE%20Package%20Hub%2012
- (no CPE) range: < 1.10.8-8.2
- (no CPE) range: < 1.11.13-10.5
- (no CPE) range: < 1.12.17-4.8
- (no CPE) range: < 1.9.7-11.2
- (no CPE) range: < 1.17-1.1
- (no CPE) range: < 1.8.7-5.1
- (no CPE) range: < 1.9.4-5.1
- (no CPE) range: < 1.9.4-15.1
References
- access.redhat.com/errata/RHSA-2018:0878 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2018:1304 (mitre, vendor-advisory, x_refsource_REDHAT)
- www.debian.org/security/2019/dsa-4380 (mitre, vendor-advisory, x_refsource_DEBIAN)
- github.com/KINGSABRI/CVE-in-Ruby/tree/master/CVE-2018-6574 (mitre, x_refsource_MISC)
- github.com/golang/go/issues/23672 (mitre, x_refsource_CONFIRM)
- groups.google.com/forum/ (mitre, x_refsource_CONFIRM)
- groups.google.com/forum/ (mitre, x_refsource_CONFIRM)