Vulnerability & Exploit Database

Displaying all 5 entries

Results for: CVE-2018-7187 Back to search

SUSE: CVE-2018-7187: SUSE Linux Security Advisory Vulnerability

  • Severity: 9
  • Published: February 16, 2018

The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site.

Oracle Solaris 11: CVE-2018-7187 (11.4 GA) Vulnerability

  • Severity: 9
  • Published: February 16, 2018

The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site.

Gentoo Linux: CVE-2018-7187: Go: Arbitrary code execution Vulnerability

  • Severity: 9
  • Published: February 16, 2018

The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site.

Debian: CVE-2018-7187: golang, golang-1.7, golang-1.8 -- security update Vulnerability

  • Severity: 9
  • Published: February 16, 2018

The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site.

Amazon Linux AMI: CVE-2018-7187: Security patch for golang (ALAS-2018-975) Vulnerability

  • Severity: 9
  • Published: February 16, 2018

The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site.