CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22867 – Arbitrary code execution during build on darwin in cmd/go
https://notcve.org/view.php?id=CVE-2025-22867
06 Feb 2025 — On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the @executable_path, @loader_path, or @rpath special values in a "#cgo LDFLAGS" directive. This issue only affected go1.24rc2. • https://go.dev/cl/646996 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45340 – GOAUTH credential leak in cmd/go
https://notcve.org/view.php?id=CVE-2024-45340
28 Jan 2025 — Credentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request credentials they should not have access to. By default, unless otherwise set, this only affected credentials stored in the users .netrc file. • https://go.dev/cl/643097 •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2024-24787 – Arbitrary code execution during build on Darwin in cmd/go
https://notcve.org/view.php?id=CVE-2024-24787
08 May 2024 — On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive. En Darwin, crear un módulo Go que contenga CGO puede desencadenar la ejecución de código arbitrario cuando se usa la versión Apple de ld, debido al uso del indicador -lto_library en una directiva "#cgo LDFLAGS". • https://github.com/LOURC0D3/CVE-2024-24787-PoC •