Security Advisory

CVE-2022-30580

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-08-09 20:18:04

Last updated 2026-03-06 17:34:03

Assigner Go

State PUBLISHED

Description

Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset.

← Browse all CVEs View on cve.org ↗