CVE-2023-39320 Vulnerability Details

  /     /     /  

CVE-2023-39320 Metadata Quick Info

CVE Published: 08/09/2023 | CVE Updated: 26/09/2024 | CVE Year: 2023
Source: Go | Vendor: Go toolchain | Product: cmd/go
Status : PUBLISHED

CVE-2023-39320 Description

The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules downloaded directly using VCS software.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: CWE-94: Improper Control of Generation of Code ( Code Injection )
Source: Go toolchain

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: