[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-3115":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":257,"aliases":258,"duplicate_of":9,"upstream":261,"downstream":262,"duplicates":285,"related":286,"reserved_at":9,"published_at":294,"modified_at":295,"state":296,"summary":297,"references_raw":306,"kevs":362,"epss":363,"epss_history":366,"metrics":631,"affected":642},"CVE-2021-3115","Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the \"go get\" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-427","Uncontrolled Search Path Element","The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.","weakness","Draft","Base",[19,149],{"id":20,"name":21,"techniques":22},"CAPEC-38","Leveraging/Manipulating Configuration File Search Paths",[23,109],{"id":24,"name":25,"tactics":26,"countermeasures":42},"T1574.007","Path Interception by PATH Environment Variable",[27,30,33,36,39],{"id":28,"name":29},"TA0110","Persistence",{"id":31,"name":32},"TA0111","Privilege Escalation",{"id":34,"name":35},"TA0030","Defense Evasion",{"id":37,"name":38},"TA0005","Stealth",{"id":40,"name":41},"TA0104","Execution",[43,48,52,56,60,65,70,75,80,85,89,93,97,101,105],{"id":44,"name":45,"tactic":46},"D3-FA","File Analysis",{"name":47},"Detect",{"id":49,"name":50,"tactic":51},"D3-FIM","File Integrity Monitoring",{"name":47},{"id":53,"name":54,"tactic":55},"D3-DA","Dynamic Analysis",{"name":47},{"id":57,"name":58,"tactic":59},"D3-EFA","Emulated File Analysis",{"name":47},{"id":61,"name":62,"tactic":63},"D3-FEV","File Eviction",{"name":64},"Evict",{"id":66,"name":67,"tactic":68},"D3-DF","Decoy File",{"name":69},"Deceive",{"id":71,"name":72,"tactic":73},"D3-FE","File Encryption",{"name":74},"Harden",{"id":76,"name":77,"tactic":78},"D3-RF","Restore File",{"name":79},"Restore",{"id":81,"name":82,"tactic":83},"D3-CF","Content Filtering",{"name":84},"Isolate",{"id":86,"name":87,"tactic":88},"D3-LFP","Local File Permissions",{"name":84},{"id":90,"name":91,"tactic":92},"D3-RFAM","Remote File Access Mediation",{"name":84},{"id":94,"name":95,"tactic":96},"D3-CQ","Content Quarantine",{"name":84},{"id":98,"name":99,"tactic":100},"D3-CM","Content Modification",{"name":84},{"id":102,"name":103,"tactic":104},"D3-EAL","Executable Allowlisting",{"name":84},{"id":106,"name":107,"tactic":108},"D3-EDL","Executable Denylisting",{"name":84},{"id":110,"name":111,"tactics":112,"countermeasures":118},"T1574.009","Path Interception by Unquoted Path",[113,114,115,116,117],{"id":28,"name":29},{"id":31,"name":32},{"id":34,"name":35},{"id":37,"name":38},{"id":40,"name":41},[119,121,123,125,127,129,131,133,135,137,139,141,143,145,147],{"id":44,"name":45,"tactic":120},{"name":47},{"id":49,"name":50,"tactic":122},{"name":47},{"id":53,"name":54,"tactic":124},{"name":47},{"id":57,"name":58,"tactic":126},{"name":47},{"id":61,"name":62,"tactic":128},{"name":64},{"id":66,"name":67,"tactic":130},{"name":69},{"id":71,"name":72,"tactic":132},{"name":74},{"id":76,"name":77,"tactic":134},{"name":79},{"id":81,"name":82,"tactic":136},{"name":84},{"id":86,"name":87,"tactic":138},{"name":84},{"id":90,"name":91,"tactic":140},{"name":84},{"id":94,"name":95,"tactic":142},{"name":84},{"id":98,"name":99,"tactic":144},{"name":84},{"id":102,"name":103,"tactic":146},{"name":84},{"id":106,"name":107,"tactic":148},{"name":84},{"id":150,"name":151,"techniques":152},"CAPEC-471","Search Order Hijacking",[153,185,217],{"id":154,"name":155,"tactics":156,"countermeasures":162},"T1574.001","DLL",[157,158,159,160,161],{"id":28,"name":29},{"id":31,"name":32},{"id":34,"name":35},{"id":37,"name":38},{"id":40,"name":41},[163,165,167,169,171,173,175,177,179,181,183],{"id":44,"name":45,"tactic":164},{"name":47},{"id":49,"name":50,"tactic":166},{"name":47},{"id":61,"name":62,"tactic":168},{"name":64},{"id":66,"name":67,"tactic":170},{"name":69},{"id":71,"name":72,"tactic":172},{"name":74},{"id":76,"name":77,"tactic":174},{"name":79},{"id":81,"name":82,"tactic":176},{"name":84},{"id":86,"name":87,"tactic":178},{"name":84},{"id":90,"name":91,"tactic":180},{"name":84},{"id":94,"name":95,"tactic":182},{"name":84},{"id":98,"name":99,"tactic":184},{"name":84},{"id":186,"name":187,"tactics":188,"countermeasures":194},"T1574.004","Dylib Hijacking",[189,190,191,192,193],{"id":28,"name":29},{"id":31,"name":32},{"id":34,"name":35},{"id":37,"name":38},{"id":40,"name":41},[195,197,199,201,203,205,207,209,211,213,215],{"id":44,"name":45,"tactic":196},{"name":47},{"id":49,"name":50,"tactic":198},{"name":47},{"id":61,"name":62,"tactic":200},{"name":64},{"id":66,"name":67,"tactic":202},{"name":69},{"id":71,"name":72,"tactic":204},{"name":74},{"id":76,"name":77,"tactic":206},{"name":79},{"id":81,"name":82,"tactic":208},{"name":84},{"id":86,"name":87,"tactic":210},{"name":84},{"id":90,"name":91,"tactic":212},{"name":84},{"id":94,"name":95,"tactic":214},{"name":84},{"id":98,"name":99,"tactic":216},{"name":84},{"id":218,"name":219,"tactics":220,"countermeasures":226},"T1574.008","Path Interception by Search Order Hijacking",[221,222,223,224,225],{"id":28,"name":29},{"id":31,"name":32},{"id":34,"name":35},{"id":37,"name":38},{"id":40,"name":41},[227,229,231,233,235,237,239,241,243,245,247,249,251,253,255],{"id":44,"name":45,"tactic":228},{"name":47},{"id":49,"name":50,"tactic":230},{"name":47},{"id":53,"name":54,"tactic":232},{"name":47},{"id":57,"name":58,"tactic":234},{"name":47},{"id":61,"name":62,"tactic":236},{"name":64},{"id":66,"name":67,"tactic":238},{"name":69},{"id":71,"name":72,"tactic":240},{"name":74},{"id":76,"name":77,"tactic":242},{"name":79},{"id":81,"name":82,"tactic":244},{"name":84},{"id":86,"name":87,"tactic":246},{"name":84},{"id":90,"name":91,"tactic":248},{"name":84},{"id":94,"name":95,"tactic":250},{"name":84},{"id":98,"name":99,"tactic":252},{"name":84},{"id":102,"name":103,"tactic":254},{"name":84},{"id":106,"name":107,"tactic":256},{"name":84},[],[259,260],"GO-2021-0068","BIT-golang-2021-3115",[],[263,265,267,269,271,273,275,277,279,281,283],{"_key":264},"SUSE-SU-2021:0222-1",{"_key":266},"SUSE-SU-2021:0223-1",{"_key":268},"OPENSUSE-SU-2021:0190-1",{"_key":270},"OPENSUSE-SU-2021:0192-1",{"_key":272},"OPENSUSE-SU-2021:0194-1",{"_key":274},"OPENSUSE-SU-2024:10807-1",{"_key":276},"OPENSUSE-SU-2024:10808-1",{"_key":278},"RHSA-2021:1339",{"_key":280},"RHSA-2021:1746",{"_key":282},"RHSA-2021:2095",{"_key":284},"DEBIAN-CVE-2021-3115",[],[287,288,289,290,291,292,293],{"_key":264},{"_key":266},{"_key":268},{"_key":270},{"_key":272},{"_key":274},{"_key":276},"2021-01-26T02:14:51.000Z","2024-08-03T16:45:51.223Z","Modified",{"cisa_kev":298,"cisa_ransomware":298,"cisa_vendor":9,"epss_severity":299,"epss_score":300,"severity":301,"severity_score":302,"severity_version":303,"severity_source":304,"severity_vector":305,"severity_status":296},false,"low",0.00137,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",[307,315,320,325,329,334,340,344,349,354,358],{"url":308,"sources":309,"tags":311},"https://groups.google.com/g/golang-announce/c/mperVMGa98w",[310,304],"cve.org",[312,313,314],"X Refsource CONFIRM","Release Notes","Third Party Advisory",{"url":316,"sources":317,"tags":318},"https://blog.golang.org/path-security",[310,304],[312,319],"Vendor Advisory",{"url":321,"sources":322,"tags":323},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/",[310,304],[319,324],"X Refsource FEDORA",{"url":326,"sources":327,"tags":328},"https://security.netapp.com/advisory/ntap-20210219-0001/",[310,304],[312,314],{"url":330,"sources":331,"tags":332},"https://security.gentoo.org/glsa/202208-02",[310,304],[319,333,314],"X Refsource GENTOO",{"url":335,"sources":336,"tags":338},"https://go.dev/cl/284783",[337],"osv_go",[339],"FIX",{"url":341,"sources":342,"tags":343},"https://go.googlesource.com/go/+/953d1feca9b21af075ad5fc8a3dad096d3ccc3a0",[337],[339],{"url":345,"sources":346,"tags":347},"https://go.dev/issue/43783",[337],[348],"REPORT",{"url":350,"sources":351,"tags":352},"https://groups.google.com/g/golang-announce/c/mperVMGa98w/m/yo5W5wnvAAAJ",[337],[353],"WEB",{"url":355,"sources":356,"tags":357},"https://go.dev/cl/284780",[337],[339],{"url":359,"sources":360,"tags":361},"https://go.googlesource.com/go/+/46e2e2e9d99925bbf724b12693c6d3e27a95d6a0",[337],[339],[],{"date":364,"score":300,"percentile":365},"2026-06-04",0.33307,[367,371,374,377,380,383,386,389,392,395,398,401,404,407,410,414,417,420,423,426,429,432,435,438,441,444,447,450,453,455,458,461,464,467,470,473,476,479,482,485,488,491,494,496,499,502,505,508,511,514,517,520,523,525,528,531,534,537,539,542,544,547,550,553,556,559,562,564,566,569,572,575,577,580,583,586,589,592,595,598,601,604,607,610,613,616,619,622,625,628],{"date":368,"score":369,"percentile":370},"2025-11-04",0.0013,0.33321,{"date":372,"score":369,"percentile":373},"2025-11-05",0.33305,{"date":375,"score":369,"percentile":376},"2025-11-06",0.33304,{"date":378,"score":369,"percentile":379},"2025-11-07",0.3332,{"date":381,"score":369,"percentile":382},"2025-11-08",0.33319,{"date":384,"score":369,"percentile":385},"2025-11-09",0.33296,{"date":387,"score":369,"percentile":388},"2025-11-10",0.33242,{"date":390,"score":369,"percentile":391},"2025-11-11",0.33266,{"date":393,"score":369,"percentile":394},"2025-11-12",0.33312,{"date":396,"score":369,"percentile":397},"2025-11-13",0.33327,{"date":399,"score":369,"percentile":400},"2025-11-14",0.33331,{"date":402,"score":369,"percentile":403},"2025-11-15",0.33329,{"date":405,"score":369,"percentile":406},"2025-11-16",0.33297,{"date":408,"score":369,"percentile":409},"2025-11-17",0.33269,{"date":411,"score":412,"percentile":413},"2025-11-18",0.00627,0.67799,{"date":415,"score":412,"percentile":416},"2025-11-19",0.67806,{"date":418,"score":412,"percentile":419},"2025-11-20",0.67801,{"date":421,"score":369,"percentile":422},"2025-11-21",0.33306,{"date":424,"score":369,"percentile":425},"2025-11-22",0.33311,{"date":427,"score":369,"percentile":428},"2025-11-23",0.33278,{"date":430,"score":369,"percentile":431},"2025-11-24",0.33251,{"date":433,"score":369,"percentile":434},"2025-11-25",0.33248,{"date":436,"score":369,"percentile":437},"2025-11-26",0.33245,{"date":439,"score":369,"percentile":440},"2025-11-27",0.33254,{"date":442,"score":369,"percentile":443},"2025-11-28",0.33235,{"date":445,"score":369,"percentile":446},"2025-11-29",0.33217,{"date":448,"score":369,"percentile":449},"2025-11-30",0.33194,{"date":451,"score":369,"percentile":452},"2025-12-01",0.33286,{"date":454,"score":369,"percentile":385},"2025-12-02",{"date":456,"score":369,"percentile":457},"2025-12-03",0.33294,{"date":459,"score":369,"percentile":460},"2025-12-04",0.33196,{"date":462,"score":369,"percentile":463},"2025-12-05",0.3323,{"date":465,"score":369,"percentile":466},"2025-12-06",0.33234,{"date":468,"score":369,"percentile":469},"2025-12-07",0.33214,{"date":471,"score":369,"percentile":472},"2025-12-08",0.33227,{"date":474,"score":369,"percentile":475},"2025-12-09",0.33276,{"date":477,"score":369,"percentile":478},"2025-12-10",0.33332,{"date":480,"score":369,"percentile":481},"2025-12-11",0.33353,{"date":483,"score":369,"percentile":484},"2025-12-12",0.33383,{"date":486,"score":369,"percentile":487},"2025-12-13",0.33368,{"date":489,"score":369,"percentile":490},"2025-12-14",0.33342,{"date":492,"score":369,"percentile":493},"2025-12-15",0.33295,{"date":495,"score":369,"percentile":379},"2025-12-16",{"date":497,"score":369,"percentile":498},"2025-12-17",0.33378,{"date":500,"score":369,"percentile":501},"2025-12-18",0.33426,{"date":503,"score":369,"percentile":504},"2025-12-19",0.33448,{"date":506,"score":369,"percentile":507},"2025-12-20",0.33432,{"date":509,"score":369,"percentile":510},"2025-12-21",0.33374,{"date":512,"score":369,"percentile":513},"2025-12-22",0.33346,{"date":515,"score":369,"percentile":516},"2025-12-23",0.33345,{"date":518,"score":369,"percentile":519},"2025-12-24",0.33338,{"date":521,"score":369,"percentile":522},"2025-12-25",0.33404,{"date":524,"score":369,"percentile":484},"2025-12-26",{"date":526,"score":369,"percentile":527},"2025-12-27",0.33393,{"date":529,"score":369,"percentile":530},"2025-12-28",0.33293,{"date":532,"score":369,"percentile":533},"2025-12-29",0.33257,{"date":535,"score":369,"percentile":536},"2025-12-30",0.3325,{"date":538,"score":369,"percentile":406},"2025-12-31",{"date":540,"score":369,"percentile":541},"2026-01-01",0.33445,{"date":543,"score":369,"percentile":507},"2026-01-02",{"date":545,"score":369,"percentile":546},"2026-01-03",0.33416,{"date":548,"score":369,"percentile":549},"2026-01-04",0.33274,{"date":551,"score":369,"percentile":552},"2026-01-05",0.33259,{"date":554,"score":369,"percentile":555},"2026-01-06",0.3327,{"date":557,"score":369,"percentile":558},"2026-01-07",0.33289,{"date":560,"score":369,"percentile":561},"2026-01-08",0.33318,{"date":563,"score":369,"percentile":561},"2026-01-09",{"date":565,"score":369,"percentile":561},"2026-01-10",{"date":567,"score":369,"percentile":568},"2026-01-11",0.33298,{"date":570,"score":369,"percentile":571},"2026-01-12",0.33228,{"date":573,"score":369,"percentile":574},"2026-01-13",0.33213,{"date":576,"score":369,"percentile":533},"2026-01-14",{"date":578,"score":369,"percentile":579},"2026-01-15",0.33252,{"date":581,"score":369,"percentile":582},"2026-01-16",0.33272,{"date":584,"score":369,"percentile":585},"2026-01-17",0.33256,{"date":587,"score":369,"percentile":588},"2026-01-18",0.33193,{"date":590,"score":369,"percentile":591},"2026-01-19",0.33158,{"date":593,"score":369,"percentile":594},"2026-01-20",0.33144,{"date":596,"score":369,"percentile":597},"2026-01-21",0.33102,{"date":599,"score":369,"percentile":600},"2026-01-22",0.33077,{"date":602,"score":369,"percentile":603},"2026-01-23",0.33141,{"date":605,"score":369,"percentile":606},"2026-01-24",0.33149,{"date":608,"score":369,"percentile":609},"2026-01-25",0.33076,{"date":611,"score":369,"percentile":612},"2026-01-26",0.33001,{"date":614,"score":369,"percentile":615},"2026-01-27",0.32991,{"date":617,"score":369,"percentile":618},"2026-01-28",0.32964,{"date":620,"score":369,"percentile":621},"2026-01-29",0.32925,{"date":623,"score":369,"percentile":624},"2026-01-30",0.32912,{"date":626,"score":369,"percentile":627},"2026-01-31",0.32921,{"date":629,"score":369,"percentile":630},"2026-02-01",0.33013,[632],{"source":304,"cvss_v2_0":633,"cvss_v3_0":9,"cvss_v3_1":638,"cvss_v4_0":9},{"baseScore":634,"baseSeverity":9,"vectorString":635,"impactScore":636,"exploitabilityScore":637},5.1,"AV:N/AC:H/Au:N/C:P/I:P/A:P",6.4,4.9,{"baseScore":302,"baseSeverity":639,"vectorString":305,"impactScore":640,"exploitabilityScore":641},"HIGH",9.8,4.1,[643,651,666,674,681],{"ecosystem":9,"name":644,"vendor":645,"product":644,"cpe_part":646,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":647},"fedora","fedoraproject","o",[648],{"version":649,"is_range":298,"range_type":650,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"33","cpe",{"ecosystem":9,"name":652,"vendor":653,"product":652,"cpe_part":654,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":655},"go","golang","a",[656,661],{"version":657,"is_range":658,"range_type":650,"version_start":9,"version_start_type":9,"version_end":659,"version_end_type":660,"fixed_in":9},"lt1.14.14",true,"1.14.14","excluding",{"version":662,"is_range":658,"range_type":650,"version_start":663,"version_start_type":664,"version_end":665,"version_end_type":660,"fixed_in":9},"gte1.15_lt1.15.7","1.15","including","1.15.7",{"ecosystem":667,"name":668,"vendor":667,"product":668,"cpe_part":9,"purl_type":653,"purl_namespace":9,"purl_name":668,"source":9,"versions":669},"Go","toolchain",[670],{"version":671,"is_range":658,"range_type":672,"version_start":673,"version_start_type":664,"version_end":665,"version_end_type":660,"fixed_in":9},"gte1_15_0_0_lt1_15_7","semver","1.15.0-0",{"ecosystem":9,"name":675,"vendor":676,"product":677,"cpe_part":654,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":678},"cloud insights telegraf agent","netapp","cloud_insights_telegraf_agent",[679],{"version":680,"is_range":298,"range_type":650,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"na",{"ecosystem":9,"name":682,"vendor":676,"product":682,"cpe_part":654,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":683},"storagegrid",[684],{"version":680,"is_range":298,"range_type":650,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9}]