Security Advisory

CVE-2020-28367

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-11-18 00:00:00

Last updated 2024-08-04 16:33:59

Assigner Go

State PUBLISHED

Description

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.

← Browse all CVEs View on cve.org ↗