CVE-2020-28366

Published November 18th, 2020

View on NVD ↗

CVSS v3

7.5

HIGH

CVSS v2

5.1

MEDIUM

Affected

PROJECT

Description

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.

golang/go

The Go programming language

GitHub

135K