CyberSec.Space Logo
Back to CVE Browser

CVE-2018-12976

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0810%
EPSS Percentile28.67th
PublishedJul 5, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use specially crafted <go-import> tags in packages being fetched by gddo to cause a directory traversal and remote code execution.

Affected Platforms (CPE)

πŸ“¦
Godoc

Go Doc Dot Org

<= 2018-06-27

References & Advisories

πŸ”— https://github.com/golang/gddo/commit/daffe1f90ec57f8ed69464f9094753fc6452e983
πŸ”— https://groups.google.com/forum/#%21msg/golang-announce/4rpTbfzYB1k/no6MEwlQAwAJ
πŸ”— https://github.com/golang/gddo/commit/daffe1f90ec57f8ed69464f9094753fc6452e983
πŸ”— https://groups.google.com/forum/#%21msg/golang-announce/4rpTbfzYB1k/no6MEwlQAwAJ

Related Vulnerabilities

CVE-2018-2126810.0

The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. Thi...

CVE-2018-403110.0

An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the w...

CVE-2018-010110.0

A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could ...

CVE-2018-487210.0

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006...