CVE - CVE-2022-30580

CVE-ID
CVE-2022-30580	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://go.dev/cl/403759 URL:https://go.dev/cl/403759 MISC:https://go.dev/issue/52574 URL:https://go.dev/issue/52574 MISC:https://go.googlesource.com/go/+/960ffa98ce73ef2c2060c84c7ac28d37a83f345e URL:https://go.googlesource.com/go/+/960ffa98ce73ef2c2060c84c7ac28d37a83f345e MISC:https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ URL:https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ MISC:https://pkg.go.dev/vuln/GO-2022-0532 URL:https://pkg.go.dev/vuln/GO-2022-0532
Assigning CNA
Go Project
Date Record Created
20220511	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20220511)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)