Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary code execution via go.mod toolchain directive in cmd/go
Vulnerability Description
The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules downloaded directly using VCS software.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Google Go 代码注入漏洞
Vulnerability Description
Google Go是美国谷歌(Google)公司的一种静态强类型、编译型、并发型,并具有垃圾回收功能的编程语言。 Google Go 1.21版本存在安全漏洞,该漏洞源于工具链指令可用于执行相对于模块根目录的脚本和二进制文件。
CVSS Information
N/A
Vulnerability Type
N/A