Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-11-18
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-11-18
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-11-18
Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-09-02
Page 9