Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2022-30580

Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset.

  • Published: Aug 10, 2022
  • Updated: Apr 14, 2023
  • CVE: CVE-2022-30580
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.8
  • AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

Software From Fixed in
golang / go 1.18.0 1.18.3
golang / go - 1.17.11