VulnerableCode Package Details - pkg:deb/debian/golang-1.8@1.8.1-1%2Bdeb9u1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-59nw-22nv-aaam	Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.	CVE-2018-6574
VCID-5jua-1sv6-aaah	The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site.	CVE-2018-7187
VCID-u6zq-xy5d-aaam	Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.	CVE-2019-6486

Vulnerability

Summary

Aliases

VCID-59nw-22nv-aaam

Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.

CVE-2018-6574

VCID-5jua-1sv6-aaah

The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site.

CVE-2018-7187

VCID-u6zq-xy5d-aaam

Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.

CVE-2019-6486

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T11:05:51.080182+00:00	Debian Oval Importer	Fixing	VCID-59nw-22nv-aaam	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.3
2025-06-21T10:48:30.509539+00:00	Debian Oval Importer	Fixing	VCID-5jua-1sv6-aaah	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.3
2025-06-21T10:27:31.458641+00:00	Debian Oval Importer	Fixing	VCID-u6zq-xy5d-aaam	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.3
2025-06-20T20:03:42.746741+00:00	Debian Oval Importer	Fixing	VCID-59nw-22nv-aaam	None	36.1.3
2025-06-08T04:35:20.446424+00:00	Debian Oval Importer	Fixing	VCID-59nw-22nv-aaam	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.0
2025-06-08T04:24:38.943064+00:00	Debian Oval Importer	Fixing	VCID-5jua-1sv6-aaah	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.0
2025-06-08T04:12:31.267879+00:00	Debian Oval Importer	Fixing	VCID-u6zq-xy5d-aaam	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.0
2025-06-07T13:51:17.853931+00:00	Debian Oval Importer	Fixing	VCID-59nw-22nv-aaam	None	36.1.0
2025-04-08T03:05:58.705852+00:00	Debian Oval Importer	Fixing	VCID-59nw-22nv-aaam	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.0.0
2025-04-08T02:54:34.160550+00:00	Debian Oval Importer	Fixing	VCID-5jua-1sv6-aaah	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.0.0
2025-04-08T02:41:37.022718+00:00	Debian Oval Importer	Fixing	VCID-u6zq-xy5d-aaam	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.0.0
2025-04-07T12:26:12.928131+00:00	Debian Oval Importer	Fixing	VCID-59nw-22nv-aaam	None	36.0.0