Vulnerability in Golang Go

CVE-2021-3115

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an un…

EPSS: 0.065 (92.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2021-3115?
CVE-2021-3115 is a high-severity vulnerability in Golang Go, classified under Uncontrolled Search Path Element. CVSS score: 7.5/10. Published 2021-01-26.
How severe is CVE-2021-3115?
High severity. CVSS v3 base score is 7.5 out of 10.