CVE search results

111 – 112 of 112 results

Detailed view

Sort by:

CVE-2018-16874

Medium priority

Vulnerable

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters)....

7 affected packages

golang, golang-1.10, golang-1.6, golang-1.7, golang-1.11...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang	Not in release	Not in release	Not in release	Not in release
golang-1.10	Not in release	Not in release	Not in release	Vulnerable
golang-1.6	Not in release	Not in release	Not in release	Not in release
golang-1.7	Not in release	Not in release	Not in release	Not in release
golang-1.11	Not in release	Not in release	Not in release	Not in release
golang-1.8	Not in release	Not in release	Not in release	Needs evaluation
golang-1.9	Not in release	Not in release	Not in release	Needs evaluation

CVE-2018-16873

Medium priority

Vulnerable

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or...

6 affected packages

golang, golang-1.10, golang-1.6, golang-1.8, golang-1.9, golang-1.11

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang	Not in release	Not in release	Not in release	Not in release
golang-1.10	Not in release	Not in release	Not in release	Vulnerable
golang-1.6	Not in release	Not in release	Not in release	Not in release
golang-1.8	Not in release	Not in release	Not in release	Needs evaluation
golang-1.9	Not in release	Not in release	Not in release	Needs evaluation
golang-1.11	Not in release	Not in release	Not in release	Not in release

Export to JSON

Results by page:

Search CVE reports