Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and
privacy statement. We’ll occasionally send you account related emails.
Already on GitHub?
to your account
The go command may execute arbitrary code at build time when cgo is in use. This may occur when running go get on a malicious package, or any other command that builds untrusted code.
This can be caused by a malicious gcc flags specified via a #cgo directive.
Thanks to Imre Rad for reporting this issue.
This issue is CVE-2020-28367.
The text was updated successfully, but these errors were encountered:
Fixed by 062e0e5
Fixed by da7aa86 (https://golang.org/cl/267277)
Sorry, something went wrong.
No branches or pull requests