CVE-2018-12976

CRITICAL

Go Doc Dot Org < 2018-06-27 - Remote Code Execution via Crafted Go-Import Tags

Title source: llm
STIX 2.1

Description

In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use specially crafted <go-import> tags in packages being fetched by gddo to cause a directory traversal and remote code execution.

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.0447
EPSS Percentile 90.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-22
Status published
Products (1)
godoc/go_doc_dot_org < 2018-06-27
Published Jul 05, 2018
Tracked Since Feb 18, 2026