CVE-2023-39320

CRITICAL

GO < 1.21.1 - Code Injection

Title source: rule
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-39320. PoCs published by ayrustogaru.

AI-analyzed exploit summary The repository contains deceptive code that simulates malicious activities (e.g., downloading trojans, exfiltrating data) but does not exploit CVE-2023-39320. The 'gagscript.py' file is a prank script that displays fake progress bars and rickrolls the user.

Description

The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules downloaded directly using VCS software.

Exploits (1)

nomisec TROJAN 1 stars
by ayrustogaru · poc
https://github.com/ayrustogaru/cve-2023-39320

The repository contains deceptive code that simulates malicious activities (e.g., downloading trojans, exfiltrating data) but does not exploit CVE-2023-39320. The 'gagscript.py' file is a prank script that displays fake progress bars and rickrolls the user.

Classification
Trojan 100%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: None (fake exploit)
No auth needed
Prerequisites: None (deceptive script)
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (6)

Core 6

Scores

CVSS v3 9.8
EPSS 0.0141
EPSS Percentile 69.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-94
Status published
Products (1)
golang/go 1.21.0 - 1.21.1
Published Sep 08, 2023
Tracked Since Feb 18, 2026