CVE-2022-23773 PoC — cmd/go 安全漏洞

Source

https://github.com/YouShengLiu/CVE-2022-23773-Reproduce

Associated Vulnerability

Title:cmd/go 安全漏洞 (CVE-2022-23773)
Description:Google Go Cmd/go是美国谷歌（Google）公司的一个为Go语言提供命令支持的代码库。 cmd/go存在安全漏洞，该漏洞源于cmd进入1.16.14和1.17之前的go。X在1.17.7之前可能会错误地将分支名称理解为版本标记。如果参与者应该能够创建分支而不是标记，那么这可能会导致不正确的访问控制。

Readme

# CVE-2022-23773-Reproduce
## Execute the demo
```bash=
git clone https://github.com/Liuyushung/CVE-2022-23773-Reproduce.git
cd CVE-2022-23773-Reproduce/testenv/
./exec_main.sh
```

File Snapshot


 [4.0K]  /data/pocs/0173bd863cabf3a89c69ec785789f428c7ce5f1f
├── [  63]  go.mod
├── [  99]  library.go
├── [ 181]  README.md
└── [4.0K]  testenv
    ├── [2.5K]  exec_main.sh
    ├── [ 934]  install_go.sh
    └── [ 116]  main.go

1 directory, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!