CVE-2020-28367

HIGH

GO < 1.14.12 - Code Injection

Title source: rule
STIX 2.1

Description

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.

Scores

CVSS v3 7.5
EPSS 0.0237
EPSS Percentile 81.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (1)
golang/go < 1.14.12
Published Nov 18, 2020
Tracked Since Feb 18, 2026