14 Dec 2018
CVE-2018-16874 - CVE Vulnerability
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution. (CVSS:0.0) (Last Update:2018-12-14)
Publish Date: 2018-12-14. Last Update Date: 2018-12-14.
- Metasploit Modules Related To CVE-2018-16874: There are no Metasploit modules related to this CVE entry (please visit www.metasploit.com for more information).