VYPR
Unrated severityNVD Advisory· Published Nov 18, 2020· Updated Aug 4, 2024

Arbitrary code execution via the go command with cgo in cmd/go

CVE-2020-28367

Description

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

11

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.