2 results (0.010 seconds)
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22867 – Arbitrary code execution during build on darwin in cmd/go
https://notcve.org/view.php?id=CVE-2025-22867
06 Feb 2025 — On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the @executable_path, @loader_path, or @rpath special values in a "#cgo LDFLAGS" directive. This issue only affected go1.24rc2. • https://go.dev/cl/646996 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45340 – GOAUTH credential leak in cmd/go
https://notcve.org/view.php?id=CVE-2024-45340
28 Jan 2025 — Credentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request credentials they should not have access to. By default, unless otherwise set, this only affected credentials stored in the users .netrc file. • https://go.dev/cl/643097 •