CVE-2023-45285 - Go “go get” Falls Back to Insecure git:// When Module Has a `.git` Suffix
In late 2023, the security team behind the Go programming language announced a serious vulnerability affecting how Go retrieves modules via go get. The issue
CVE-2023-39323 - Bypassing Go Build Security Using //line Directives
In 2023, a serious vulnerability was found in the Go programming language's build process. Known as CVE-2023-39323, this issue allows crafty attackers to
CVE-2023-29405 - How Malicious Go Modules Can Execute Arbitrary Code Using cgo LDFLAGS (gccgo Only)
*Published: June 2024*
TL;DR
If you use Go with the gccgo compiler, a security bug in how go handles #cgo LDFLAGS could let a
CVE-2023-29404 - How Go’s cgo LDFLAGS Vulnerability Could Let Malicious Code Run on Your Build Machine
Summary:
A critical vulnerability (CVE-2023-29404) in Golang’s cgo tool affects the go command—making it possible for attackers to run any code they want
CVE-2023-29402 - How Newline Characters in Directory Names Can Lead to Unexpected Code in Go Programs Using cgo
The Go programming language is well-loved for its focus on safety, consistency, and ease of use. However, even Go isn't immune to security