VulnerableCode Package Details - pkg:alpm/archlinux/go@2:1.9.1-1

Search for packages

Package details: pkg:alpm/archlinux/go@2:1.9.1-1

Essentials
History (3)

purl	pkg:alpm/archlinux/go@2:1.9.1-1

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-3w46-2bby-aaan	Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checkout in its pkg2 directory and some other work is done to ensure the proper ordering of operations, "go get" can be tricked into reusing this Git checkout for the fetch of code from pkg2. If the Subversion repository's Git checkout has malicious commands in .git/hooks/, they will execute on the system running "go get."	CVE-2017-15041

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:46:10.324731+00:00	Arch Linux Importer	Fixing	VCID-3w46-2bby-aaan	https://security.archlinux.org/AVG-442	36.0.0
2024-09-18T02:01:19.744796+00:00	Arch Linux Importer	Fixing	VCID-3w46-2bby-aaan	https://security.archlinux.org/AVG-442	34.0.1
2024-01-03T22:27:30.540622+00:00	Arch Linux Importer	Fixing	VCID-3w46-2bby-aaan	https://security.archlinux.org/AVG-442	34.0.0rc1