This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Golang First view 2019-03-08
Product Go Last view 2021-01-26
Version 1.10.2 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:golang:go

Activity : Overall

Related : CVE

  Date Alert Description
7.5 2021-01-26 CVE-2021-3115

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).

9.8 2019-05-13 CVE-2019-11888

Go through 1.12.5 on Windows mishandles process creation with a nil environment in conjunction with a non-nil token, which allows attackers to obtain sensitive information or gain privileges.

7.8 2019-03-08 CVE-2019-9634

Go through 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection.

CWE : Common Weakness Enumeration

%idName
33% (1) CWE-427 Uncontrolled Search Path Element
33% (1) CWE-269 Improper Privilege Management
33% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')

Snort® IPS/IDS

Date Description
2019-05-14 Go binary bll-load exploit attempt
RuleID : 49786 - Type : FILE-OTHER - Revision : 1
2019-05-14 Go binary dll-load exploit attempt
RuleID : 49785 - Type : FILE-OTHER - Revision : 1
2019-05-14 Go binary dll-load exploit attempt
RuleID : 49784 - Type : FILE-OTHER - Revision : 1
2019-05-14 Go binary dll-load exploit attempt
RuleID : 49783 - Type : FILE-OTHER - Revision : 1
2019-05-14 Go binary dll-load exploit attempt
RuleID : 49782 - Type : FILE-OTHER - Revision : 1
2019-05-14 Go binary dll-load exploit attempt
RuleID : 49781 - Type : FILE-OTHER - Revision : 1