Vulnerability Details: CVE-2017-15041

Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checkout in its pkg2 directory and some other work is done to ensure the proper ordering of operations, "go get" can be tricked into reusing this Git checkout for the fetch of code from pkg2. If the Subversion repository's Git checkout has malicious commands in .git/hooks/, they will execute on the system running "go get."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.06
EPSS Ranking 90.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2017-15041
  • Golang » Go » Version: N/A
    cpe:2.3:a:golang:go:-
  • Golang » Go » Version: 0.0.0-20201203163018-be400aefbc4c
    cpe:2.3:a:golang:go:0.0.0-20201203163018-be400aefbc4c
  • Golang » Go » Version: 1.0
    cpe:2.3:a:golang:go:1.0
  • Golang » Go » Version: 1.0.1
    cpe:2.3:a:golang:go:1.0.1
  • Golang » Go » Version: 1.0.2
    cpe:2.3:a:golang:go:1.0.2
  • Golang » Go » Version: 1.0.3
    cpe:2.3:a:golang:go:1.0.3
  • Golang » Go » Version: 1.1
    cpe:2.3:a:golang:go:1.1
  • Golang » Go » Version: 1.1.1
    cpe:2.3:a:golang:go:1.1.1
  • Golang » Go » Version: 1.1.2
    cpe:2.3:a:golang:go:1.1.2
  • Golang » Go » Version: 1.2
    cpe:2.3:a:golang:go:1.2
  • Golang » Go » Version: 1.2.1
    cpe:2.3:a:golang:go:1.2.1
  • Golang » Go » Version: 1.2.2
    cpe:2.3:a:golang:go:1.2.2
  • Golang » Go » Version: 1.3
    cpe:2.3:a:golang:go:1.3
  • Golang » Go » Version: 1.3.1
    cpe:2.3:a:golang:go:1.3.1
  • Golang » Go » Version: 1.3.2
    cpe:2.3:a:golang:go:1.3.2
  • Golang » Go » Version: 1.3.3
    cpe:2.3:a:golang:go:1.3.3
  • Golang » Go » Version: 1.4
    cpe:2.3:a:golang:go:1.4
  • Golang » Go » Version: 1.4.1
    cpe:2.3:a:golang:go:1.4.1
  • Golang » Go » Version: 1.4.2
    cpe:2.3:a:golang:go:1.4.2
  • Golang » Go » Version: 1.4.3
    cpe:2.3:a:golang:go:1.4.3
  • Golang » Go » Version: 1.5
    cpe:2.3:a:golang:go:1.5
  • Golang » Go » Version: 1.5.1
    cpe:2.3:a:golang:go:1.5.1
  • Golang » Go » Version: 1.5.2
    cpe:2.3:a:golang:go:1.5.2
  • Golang » Go » Version: 1.5.3
    cpe:2.3:a:golang:go:1.5.3
  • Golang » Go » Version: 1.5.4
    cpe:2.3:a:golang:go:1.5.4
  • Golang » Go » Version: 1.6
    cpe:2.3:a:golang:go:1.6
  • Golang » Go » Version: 1.6.1
    cpe:2.3:a:golang:go:1.6.1
  • Golang » Go » Version: 1.6.2
    cpe:2.3:a:golang:go:1.6.2
  • Golang » Go » Version: 1.6.3
    cpe:2.3:a:golang:go:1.6.3
  • Golang » Go » Version: 1.6.4
    cpe:2.3:a:golang:go:1.6.4
  • Golang » Go » Version: 1.7
    cpe:2.3:a:golang:go:1.7
  • Golang » Go » Version: 1.7.1
    cpe:2.3:a:golang:go:1.7.1
  • Golang » Go » Version: 1.7.2
    cpe:2.3:a:golang:go:1.7.2
  • Golang » Go » Version: 1.7.3
    cpe:2.3:a:golang:go:1.7.3
  • Golang » Go » Version: 1.7.4
    cpe:2.3:a:golang:go:1.7.4
  • Golang » Go » Version: 1.7.5
    cpe:2.3:a:golang:go:1.7.5
  • Golang » Go » Version: 1.7.6
    cpe:2.3:a:golang:go:1.7.6
  • Golang » Go » Version: 1.8
    cpe:2.3:a:golang:go:1.8
  • Golang » Go » Version: 1.8.1
    cpe:2.3:a:golang:go:1.8.1
  • Golang » Go » Version: 1.8.2
    cpe:2.3:a:golang:go:1.8.2
  • Golang » Go » Version: 1.8.3
    cpe:2.3:a:golang:go:1.8.3
  • Golang » Go » Version: 1.9
    cpe:2.3:a:golang:go:1.9
  • Redhat » Developer Tools » Version: 1.0
    cpe:2.3:a:redhat:developer_tools:1.0
  • Debian » Debian Linux » Version: 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • Redhat » Enterprise Linux Eus » Version: 7.6
    cpe:2.3:o:redhat:enterprise_linux_eus:7.6
  • Redhat » Enterprise Linux Eus » Version: 7.7
    cpe:2.3:o:redhat:enterprise_linux_eus:7.7
  • Redhat » Enterprise Linux Server » Version: 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • Redhat » Enterprise Linux Server Aus » Version: 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6
  • Redhat » Enterprise Linux Server Aus » Version: 7.7
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7
  • Redhat » Enterprise Linux Tus » Version: 7.6
    cpe:2.3:o:redhat:enterprise_linux_tus:7.6
  • Redhat » Enterprise Linux Tus » Version: 7.7
    cpe:2.3:o:redhat:enterprise_linux_tus:7.7

