vulnerability
Amazon Linux AMI 2: CVE-2022-30580: Security patch for golang (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:S/C:C/I:C/A:C) | Aug 10, 2022 | Apr 21, 2023 | Jan 30, 2025 |
Severity
7
CVSS
(AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published
Aug 10, 2022
Added
Apr 21, 2023
Modified
Jan 30, 2025
Description
Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset.
Solutions
amazon-linux-ami-2-upgrade-golangamazon-linux-ami-2-upgrade-golang-binamazon-linux-ami-2-upgrade-golang-docsamazon-linux-ami-2-upgrade-golang-miscamazon-linux-ami-2-upgrade-golang-raceamazon-linux-ami-2-upgrade-golang-sharedamazon-linux-ami-2-upgrade-golang-srcamazon-linux-ami-2-upgrade-golang-tests
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.