返回 CVE 瀏覽器

CVE-2018-12976

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0810%

EPSS Percentile28.67th

Published2018年7月5日

Last Modified2024年11月21日

Vulnerability Description

In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use specially crafted <go-import> tags in packages being fetched by gddo to cause a directory traversal and remote code execution.

Affected Platforms (CPE)

📦

Godoc

Go Doc Dot Org

<= 2018-06-27

References & Advisories

🔗 https://github.com/golang/gddo/commit/daffe1f90ec57f8ed69464f9094753fc6452e983

🔗 https://groups.google.com/forum/#%21msg/golang-announce/4rpTbfzYB1k/no6MEwlQAwAJ

🔗 https://github.com/golang/gddo/commit/daffe1f90ec57f8ed69464f9094753fc6452e983

🔗 https://groups.google.com/forum/#%21msg/golang-announce/4rpTbfzYB1k/no6MEwlQAwAJ

相關漏洞威脅

CVE-2018-100012410.0

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.p...

CVE-2018-1472110.0

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by ...

CVE-2018-261110.0

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Service...

CVE-2018-422910.0

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Grand Central Dispatc...