CVE-2018-6574

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-6574
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-6574.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-6574
Aliases
Downstream
Related
Published
2018-02-07T21:29:00.250Z
Modified
2026-03-20T11:26:31.112967Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.

References

Affected packages

Git / github.com/golang/go

Affected ranges

Type
GIT
Repo
https://github.com/golang/go
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
96c72e94687d1d78770a204f35993cb2cd3c91e4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c8aec4095e089ff6ac50d18e97c3f46561f14f48
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7f40c1214dd67cf171a347a5230da70bd8e10d32
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2ea7d3461bb41d0ae12b56ee52d43314bcdb97f9
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a563954b799c6921fc3666b4723d38413f442145
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9ce6b5c2ed5d3d5251b9a6a0c548d5fb2c8567e8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
594668a5a96267a46282ce3007a584ec07adf705
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5348aed83e39bd1d450d92d7f627e994c2db6ebf
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.8.6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.9"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.9.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.9.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.9.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.10-beta1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.10-beta2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.10-rc1"
        }
    ]
}

Affected versions

go1.*
go1.10beta1
go1.3beta1
go1.3beta2
go1.4beta1
go1.5beta1
go1.5beta2
go1.5beta3
go1.6beta1
go1.6beta2
go1.7beta1
go1.7beta2
go1.7rc1
go1.7rc2
go1.7rc3
go1.7rc4
go1.8
go1.8.2
go1.8.3
go1.8.4
go1.8.5
go1.8.6
go1.8beta1
go1.8beta2
go1.8rc1
go1.8rc2
go1.8rc3
go1.9
go1.9beta1
go1.9beta2
go1.9rc1
go1.9rc2
release.*
release.r56
Other
weekly
weekly.*
weekly.2009-11-06
weekly.2009-11-10
weekly.2009-11-10.1
weekly.2009-11-12
weekly.2009-11-17
weekly.2009-12-07
weekly.2009-12-09
weekly.2009-12-22
weekly.2010-01-05
weekly.2010-01-13
weekly.2010-01-27
weekly.2010-02-04
weekly.2010-02-17
weekly.2010-02-23
weekly.2010-03-04
weekly.2010-03-15
weekly.2010-03-22
weekly.2010-03-30
weekly.2010-04-13
weekly.2010-04-27
weekly.2010-05-04
weekly.2010-05-27
weekly.2010-06-09
weekly.2010-06-21
weekly.2010-07-01
weekly.2010-07-14
weekly.2010-07-29
weekly.2010-08-04
weekly.2010-08-11
weekly.2010-08-25
weekly.2010-09-06
weekly.2010-09-15
weekly.2010-09-22
weekly.2010-09-29
weekly.2010-10-13
weekly.2010-10-13.1
weekly.2010-10-20
weekly.2010-10-27
weekly.2010-11-02
weekly.2010-11-10
weekly.2010-11-23
weekly.2010-12-02
weekly.2010-12-08
weekly.2010-12-15
weekly.2010-12-15.1
weekly.2010-12-22
weekly.2011-01-06
weekly.2011-01-12
weekly.2011-01-19
weekly.2011-01-20
weekly.2011-02-01
weekly.2011-02-01.1
weekly.2011-02-15
weekly.2011-02-24
weekly.2011-03-07
weekly.2011-03-07.1
weekly.2011-03-15
weekly.2011-03-28
weekly.2011-04-04
weekly.2011-04-13
weekly.2011-04-27
weekly.2011-05-22
weekly.2011-06-02
weekly.2011-06-09
weekly.2011-06-16
weekly.2011-06-23
weekly.2011-07-07
weekly.2011-07-19
weekly.2011-07-29
weekly.2011-08-10
weekly.2011-08-17
weekly.2011-09-01
weekly.2011-09-07
weekly.2011-09-16
weekly.2011-09-21
weekly.2011-10-06
weekly.2011-10-18
weekly.2011-10-25
weekly.2011-10-26
weekly.2011-11-01
weekly.2011-11-02
weekly.2011-11-08
weekly.2011-11-09
weekly.2011-11-18
weekly.2011-12-01
weekly.2011-12-02
weekly.2011-12-06
weekly.2011-12-14
weekly.2011-12-22
weekly.2012-01-15
weekly.2012-01-20
weekly.2012-01-27
weekly.2012-02-07
weekly.2012-02-14
weekly.2012-02-22
weekly.2012-03-04
weekly.2012-03-13
weekly.2012-03-22
weekly.2012-03-27

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.6"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.6"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.6"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-6574.json"