reports/GO-2021-0068.toml - vulndb - Git at Google

 package = "cmd/go"

 stdlib = true
 do_not_export = true

 description = """
 The go command may execute arbitrary code at build time when using cgo on Windows.
 This can be triggered by running go get on a malicious module, or any other time
 the code is built.
 """

 os = ["windows"]

 cve = "CVE-2021-3115"

 credit = "RyotaK"

 [[versions]]
 fixed = "go1.14.14"

 [[versions]]
 fixed = "go1.15.7"

 [links]
 commit = "https://github.com/golang/go/commit/953d1feca9b21af075ad5fc8a3dad096d3ccc3a0"
 pr = "https://golang.org/cl/284783"
 context = [
     "https://github.com/golang/go/issues/43783",
     "https://golang.org/cl/284780",
     "https://github.com/golang/go/commit/46e2e2e9d99925bbf724b12693c6d3e27a95d6a0"
 ]
	package = "cmd/go"

	stdlib = true
	do_not_export = true

	description = """
	The go command may execute arbitrary code at build time when using cgo on Windows.
	This can be triggered by running go get on a malicious module, or any other time
	the code is built.
	"""

	os = ["windows"]

	cve = "CVE-2021-3115"

	credit = "RyotaK"

	[[versions]]
	fixed = "go1.14.14"

	[[versions]]
	fixed = "go1.15.7"

	[links]
	commit = "https://github.com/golang/go/commit/953d1feca9b21af075ad5fc8a3dad096d3ccc3a0"
	pr = "https://golang.org/cl/284783"
	context = [
	"https://github.com/golang/go/issues/43783",
	"https://golang.org/cl/284780",
	"https://github.com/golang/go/commit/46e2e2e9d99925bbf724b12693c6d3e27a95d6a0"
	]