vulnerability
Red Hat: CVE-2023-45285: golang: cmd/go: Protocol Fallback when fetching modules (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:C/I:N/A:N) | Dec 6, 2023 | Feb 21, 2024 | Mar 12, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published
Dec 6, 2023
Added
Feb 21, 2024
Modified
Mar 12, 2025
Description
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module proxy and are fetching modules directly (i.e. GOPROXY=off).
Solution(s)
redhat-upgrade-delveredhat-upgrade-delve-debuginforedhat-upgrade-delve-debugsourceredhat-upgrade-go-toolsetredhat-upgrade-golangredhat-upgrade-golang-binredhat-upgrade-golang-docsredhat-upgrade-golang-miscredhat-upgrade-golang-srcredhat-upgrade-golang-tests
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.