Vulnerability in Golang Go
CVE-2021-3115
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an un…
EPSS: 0.065 (92.9th percentile).
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Golang Go
- Microsoft Windows
- Netapp Cloud_insights_telegraf_agent
- Netapp Storagegrid
- Fedoraproject Fedora — version 33
Weakness classification (CWE)
Frequently asked questions
- What is CVE-2021-3115?
  CVE-2021-3115 is a high-severity vulnerability in Golang Go, classified under Uncontrolled Search Path Element. CVSS score: 7.5/10. Published 2021-01-26.
- How severe is CVE-2021-3115?
  High severity. CVSS v3 base score is 7.5 out of 10.