blob: 9b9cfe6fbb82ffd67a0e068eb49911d003b39917 [file] [log] [blame]
package = "cmd/go"
stdlib = true
do_not_export = true
description = """
The go command may execute arbitrary code at build time when using cgo on Windows.
This can be triggered by running go get on a malicious module, or any other time
the code is built.
"""
os = ["windows"]
cve = "CVE-2021-3115"
credit = "RyotaK"
published = "2021-04-14T12:00:00Z"
[[versions]]
fixed = "go1.14.14"
[[versions]]
fixed = "go1.15.7"
[links]
commit = "https://github.com/golang/go/commit/953d1feca9b21af075ad5fc8a3dad096d3ccc3a0"
pr = "https://golang.org/cl/284783"
context = [
"https://github.com/golang/go/issues/43783",
"https://golang.org/cl/284780",
"https://github.com/golang/go/commit/46e2e2e9d99925bbf724b12693c6d3e27a95d6a0"
]