vulnerability
Amazon Linux 2023: CVE-2022-30580: Important priority package update for golang
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:S/C:C/I:C/A:C) | Aug 10, 2022 | Feb 17, 2025 | Feb 17, 2025 |
Severity
7
CVSS
(AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published
Aug 10, 2022
Added
Feb 17, 2025
Modified
Feb 17, 2025
Description
Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset.
A flaw was found in the os/exec golang package. This issue occurs when invoking different Cmd methods and the Cmd.Path is unset. This could lead to a command injection, allowing an attacker to execute any binaries in the working directory.
A flaw was found in the os/exec golang package. This issue occurs when invoking different Cmd methods and the Cmd.Path is unset. This could lead to a command injection, allowing an attacker to execute any binaries in the working directory.
Solution(s)
amazon-linux-2023-upgrade-golangamazon-linux-2023-upgrade-golang-binamazon-linux-2023-upgrade-golang-docsamazon-linux-2023-upgrade-golang-miscamazon-linux-2023-upgrade-golang-raceamazon-linux-2023-upgrade-golang-sharedamazon-linux-2023-upgrade-golang-srcamazon-linux-2023-upgrade-golang-tests
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.