CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2018-12976

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0810%
EPSS Percentile28.67th
Published2018年7月5日
Last Modified2024年11月21日

Vulnerability Description

In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use specially crafted <go-import> tags in packages being fetched by gddo to cause a directory traversal and remote code execution.

Affected Platforms (CPE)

📦
Godoc

Go Doc Dot Org

<= 2018-06-27

References & Advisories

🔗 https://github.com/golang/gddo/commit/daffe1f90ec57f8ed69464f9094753fc6452e983
🔗 https://groups.google.com/forum/#%21msg/golang-announce/4rpTbfzYB1k/no6MEwlQAwAJ
🔗 https://github.com/golang/gddo/commit/daffe1f90ec57f8ed69464f9094753fc6452e983
🔗 https://groups.google.com/forum/#%21msg/golang-announce/4rpTbfzYB1k/no6MEwlQAwAJ

相關漏洞威脅

CVE-2018-100065210.0

JabRef version <=4.3.1 contains a XML External Entity (XXE) vulnerability in MsBibImporter XML Parser that can result in disclosur...

CVE-2018-390710.0

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Fi...

CVE-2018-1071810.0

Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 before 2018-04-26 allows remote attackers to...

CVE-2018-172210.0

IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federa...