CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-7187

The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.188

EPSS Ranking 94.9%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.3

References

Products affected by CVE-2018-7187

Golang » Go » Version: N/A

cpe:2.3:a:golang:go:-
Golang » Go » Version: 0.0.0-20201203163018-be400aefbc4c

cpe:2.3:a:golang:go:0.0.0-20201203163018-be400aefbc4c
Golang » Go » Version: 1.0

cpe:2.3:a:golang:go:1.0
Golang » Go » Version: 1.0.1

cpe:2.3:a:golang:go:1.0.1
Golang » Go » Version: 1.0.2

cpe:2.3:a:golang:go:1.0.2
Golang » Go » Version: 1.0.3

cpe:2.3:a:golang:go:1.0.3
Golang » Go » Version: 1.1

cpe:2.3:a:golang:go:1.1
Golang » Go » Version: 1.1.1

cpe:2.3:a:golang:go:1.1.1
Golang » Go » Version: 1.1.2

cpe:2.3:a:golang:go:1.1.2
Golang » Go » Version: 1.10

cpe:2.3:a:golang:go:1.10
Golang » Go » Version: 1.2

cpe:2.3:a:golang:go:1.2
Golang » Go » Version: 1.2.1

cpe:2.3:a:golang:go:1.2.1
Golang » Go » Version: 1.2.2

cpe:2.3:a:golang:go:1.2.2
Golang » Go » Version: 1.3

cpe:2.3:a:golang:go:1.3
Golang » Go » Version: 1.3.1

cpe:2.3:a:golang:go:1.3.1
Golang » Go » Version: 1.3.2

cpe:2.3:a:golang:go:1.3.2
Golang » Go » Version: 1.3.3

cpe:2.3:a:golang:go:1.3.3
Golang » Go » Version: 1.4

cpe:2.3:a:golang:go:1.4
Golang » Go » Version: 1.4.1

cpe:2.3:a:golang:go:1.4.1
Golang » Go » Version: 1.4.2

cpe:2.3:a:golang:go:1.4.2
Golang » Go » Version: 1.4.3

cpe:2.3:a:golang:go:1.4.3
Golang » Go » Version: 1.5

cpe:2.3:a:golang:go:1.5
Golang » Go » Version: 1.5.1

cpe:2.3:a:golang:go:1.5.1
Golang » Go » Version: 1.5.2

cpe:2.3:a:golang:go:1.5.2
Golang » Go » Version: 1.5.3

cpe:2.3:a:golang:go:1.5.3
Golang » Go » Version: 1.5.4

cpe:2.3:a:golang:go:1.5.4
Golang » Go » Version: 1.6

cpe:2.3:a:golang:go:1.6
Golang » Go » Version: 1.6.1

cpe:2.3:a:golang:go:1.6.1
Golang » Go » Version: 1.6.2

cpe:2.3:a:golang:go:1.6.2
Golang » Go » Version: 1.6.3

cpe:2.3:a:golang:go:1.6.3
Golang » Go » Version: 1.6.4

cpe:2.3:a:golang:go:1.6.4
Golang » Go » Version: 1.7

cpe:2.3:a:golang:go:1.7
Golang » Go » Version: 1.7.1

cpe:2.3:a:golang:go:1.7.1
Golang » Go » Version: 1.7.2

cpe:2.3:a:golang:go:1.7.2
Golang » Go » Version: 1.7.3

cpe:2.3:a:golang:go:1.7.3
Golang » Go » Version: 1.7.4

cpe:2.3:a:golang:go:1.7.4
Golang » Go » Version: 1.7.5

cpe:2.3:a:golang:go:1.7.5
Golang » Go » Version: 1.7.6

cpe:2.3:a:golang:go:1.7.6
Golang » Go » Version: 1.8

cpe:2.3:a:golang:go:1.8
Golang » Go » Version: 1.8.1

cpe:2.3:a:golang:go:1.8.1
Golang » Go » Version: 1.8.2

cpe:2.3:a:golang:go:1.8.2
Golang » Go » Version: 1.8.3

cpe:2.3:a:golang:go:1.8.3
Golang » Go » Version: 1.8.4

cpe:2.3:a:golang:go:1.8.4
Golang » Go » Version: 1.8.5

cpe:2.3:a:golang:go:1.8.5
Golang » Go » Version: 1.8.6

cpe:2.3:a:golang:go:1.8.6
Golang » Go » Version: 1.8.7

cpe:2.3:a:golang:go:1.8.7
Golang » Go » Version: 1.9

cpe:2.3:a:golang:go:1.9
Golang » Go » Version: 1.9.1

cpe:2.3:a:golang:go:1.9.1
Golang » Go » Version: 1.9.2

cpe:2.3:a:golang:go:1.9.2
Golang » Go » Version: 1.9.3

cpe:2.3:a:golang:go:1.9.3
Golang » Go » Version: 1.9.4

cpe:2.3:a:golang:go:1.9.4
Debian » Debian Linux » Version: 7.0

cpe:2.3:o:debian:debian_linux:7.0
Debian » Debian Linux » Version: 9.0

cpe:2.3:o:debian:debian_linux:9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-7187

Products

Pricing

Contact Us