cmd/go: improper validation of cgo flags can lead to remote code execution at build time #42556
The go command may execute arbitrary code at build time when cgo is in use. This may occur when running go get on a malicious package, or any other command that builds untrusted code.
This can be caused by malicious gcc flags specified via a #cgo directive.
Thanks to Imre Rad for reporting this issue.
This issue is CVE-2020-28367.
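
A pre-build audit of `#cgo` flag directives in untrusted source, as an added example that is not part of the original issue or the Go project's code. The allowlist, the `AuditCgoFlags` helper and the sample input are assumptions made for illustration; the allowlist is not the go command's own validation list.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// Finding is one #cgo flag that falls outside the reviewer's allowlist.
type Finding struct {
	Line      int
	Var, Flag string
}

// cgoLine matches "#cgo [constraints] XFLAGS: ..." in a cgo preamble comment.
var cgoLine = regexp.MustCompile(`^\s*(?://|/?\*)?\s*#cgo\s+(?:[^:]*\s)?([A-Z]+FLAGS)\s*:\s*(.*)$`)

// allowed is an assumed, deliberately narrow allowlist for this example.
// Anything it does not match, including comma-carrying flags, is reported.
var allowed = regexp.MustCompile(`^-(?:[IDUL][\w./=+-]+|l[\w.+-]+|O[0-3s]?|g|W[a-z][a-z0-9=-]*|std=[a-z0-9+]+)$`)

// AuditCgoFlags returns every flag in a #cgo *FLAGS directive that the
// allowlist rejects. Whitespace splitting is a simplification (fails closed).
func AuditCgoFlags(src string) []Finding {
	var out []Finding
	sc := bufio.NewScanner(strings.NewReader(src))
	for n := 1; sc.Scan(); n++ {
		m := cgoLine.FindStringSubmatch(sc.Text())
		if m == nil {
			continue
		}
		for _, f := range strings.Fields(m[2]) {
			if !allowed.MatchString(f) {
				out = append(out, Finding{n, m[1], f})
			}
		}
	}
	return out
}

// sample is constructed input; the rejected flag name is a made-up placeholder.
const sample = "package x\n\n// #cgo CFLAGS: -I./include -DDEBUG=1 -Wall\n// #cgo linux LDFLAGS: -lm --zz-unreviewed=./local.so\nimport \"C\"\n"

func main() {
	for _, f := range AuditCgoFlags(sample) {
		fmt.Printf("line %d: %s flag %q is not on the allowlist\n", f.Line, f.Var, f.Flag)
	}
}
```

Run it over a dependency's source before building; any finding is a reason to review the package by hand or build it with `CGO_ENABLED=0`.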