Vulnerability & Exploit Database

Displaying all 2 entries

Results for: CVE-2018-16874 Back to search

SUSE: CVE-2018-16874: SUSE Linux Security Advisory Vulnerability

  • Severity: 7
  • Published: December 14, 2018

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https:...

Gentoo Linux: CVE-2018-16874: Go: Multiple vulnerabilities Vulnerability

  • Severity: 7
  • Published: December 14, 2018

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https:...