[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-39320":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":62,"aliases":63,"duplicate_of":9,"upstream":66,"downstream":67,"duplicates":78,"related":79,"reserved_at":9,"published_at":88,"modified_at":89,"state":90,"summary":91,"references_raw":100,"kevs":135,"epss":136,"epss_history":139,"metrics":394,"affected":399},"CVE-2023-39320","The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the \"go\" command was executed within the module. This applies to modules downloaded using the \"go\" command from the module proxy, as well as modules downloaded directly using VCS software.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-94","Improper Control of Generation of Code ('Code Injection')","The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.","weakness","Draft","Base","Medium",[20,24,58],{"id":21,"name":22,"techniques":23},"CAPEC-242","Code Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-35","Leverage Executable Code in Non-Executable Files",[28,39,46],{"id":29,"name":30,"tactics":31,"countermeasures":38},"T1027.006","HTML Smuggling",[32,35],{"id":33,"name":34},"TA0030","Defense Evasion",{"id":36,"name":37},"TA0005","Stealth",[],{"id":40,"name":41,"tactics":42,"countermeasures":45},"T1027.009","Embedded Payloads",[43,44],{"id":33,"name":34},{"id":36,"name":37},[],{"id":47,"name":48,"tactics":49,"countermeasures":52},"T1564.009","Resource Forking",[50,51],{"id":33,"name":34},{"id":36,"name":37},[53],{"id":54,"name":55,"tactic":56},"D3-FFV","File Format Verification",{"name":57},"Isolate",{"id":59,"name":60,"techniques":61},"CAPEC-77","Manipulating User-Controlled Variables",[],[],[64,65],"GO-2023-2042","BIT-golang-2023-39320",[],[68,70,72,74,76],{"_key":69},"UBUNTU-CVE-2023-39320",{"_key":71},"OPENSUSE-SU-2023:0360-1",{"_key":73},"SUSE-SU-2023:3701-1",{"_key":75},"SUSE-SU-2023:4469-1",{"_key":77},"OPENSUSE-SU-2024:13217-1",[],[80,81,82,83,84,86],{"_key":71},{"_key":73},{"_key":75},{"_key":77},{"_key":85},"CGA-8J4J-QXH6-9M2P",{"_key":87},"CGA-M5H9-C5W7-CG58","2023-09-08T16:13:26.609Z","2025-02-13T17:02:48.022Z","Modified",{"cisa_kev":92,"cisa_ransomware":92,"cisa_vendor":9,"epss_severity":93,"epss_score":94,"severity":95,"severity_score":96,"severity_version":97,"severity_source":98,"severity_vector":99,"severity_status":90},false,"low",0.00798,"critical",9.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[101,109,115,121,126,131],{"url":102,"sources":103,"tags":106},"https://go.dev/issue/62198",[104,98,105],"cve.org","osv_go",[107,108],"Issue Tracking","REPORT",{"url":110,"sources":111,"tags":112},"https://go.dev/cl/526158",[104,98,105],[113,114],"Patch","FIX",{"url":116,"sources":117,"tags":118},"https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",[104,98,105],[119,120],"Release Notes","WEB",{"url":122,"sources":123,"tags":124},"https://pkg.go.dev/vuln/GO-2023-2042",[104,98],[125],"Vendor Advisory",{"url":127,"sources":128,"tags":129},"https://security.netapp.com/advisory/ntap-20231020-0004/",[104,98],[130],"Third Party Advisory",{"url":132,"sources":133,"tags":134},"https://security.gentoo.org/glsa/202311-09",[104,98],[],[],{"date":137,"score":94,"percentile":138},"2026-06-04",0.74369,[140,143,146,149,151,153,156,158,161,164,167,170,173,175,178,182,185,188,191,193,196,199,202,205,207,209,212,214,217,220,223,225,228,231,233,236,239,242,245,248,250,252,255,258,261,265,268,271,274,276,279,282,285,288,291,294,297,300,303,306,309,311,314,317,320,323,326,329,332,335,337,340,343,346,349,352,354,356,359,362,365,368,371,374,377,380,383,385,388,391],{"date":141,"score":94,"percentile":142},"2025-11-04",0.73264,{"date":144,"score":94,"percentile":145},"2025-11-05",0.73248,{"date":147,"score":94,"percentile":148},"2025-11-06",0.73246,{"date":150,"score":94,"percentile":142},"2025-11-07",{"date":152,"score":94,"percentile":142},"2025-11-08",{"date":154,"score":94,"percentile":155},"2025-11-09",0.73258,{"date":157,"score":94,"percentile":148},"2025-11-10",{"date":159,"score":94,"percentile":160},"2025-11-11",0.73252,{"date":162,"score":94,"percentile":163},"2025-11-12",0.73271,{"date":165,"score":94,"percentile":166},"2025-11-13",0.73278,{"date":168,"score":94,"percentile":169},"2025-11-14",0.73284,{"date":171,"score":94,"percentile":172},"2025-11-15",0.73282,{"date":174,"score":94,"percentile":166},"2025-11-16",{"date":176,"score":94,"percentile":177},"2025-11-17",0.73272,{"date":179,"score":180,"percentile":181},"2025-11-18",0.06021,0.89786,{"date":183,"score":180,"percentile":184},"2025-11-19",0.8979,{"date":186,"score":180,"percentile":187},"2025-11-20",0.89792,{"date":189,"score":94,"percentile":190},"2025-11-21",0.73288,{"date":192,"score":94,"percentile":172},"2025-11-22",{"date":194,"score":94,"percentile":195},"2025-11-23",0.73267,{"date":197,"score":94,"percentile":198},"2025-11-24",0.7326,{"date":200,"score":94,"percentile":201},"2025-11-25",0.73263,{"date":203,"score":94,"percentile":204},"2025-11-26",0.73268,{"date":206,"score":94,"percentile":163},"2025-11-27",{"date":208,"score":94,"percentile":142},"2025-11-28",{"date":210,"score":94,"percentile":211},"2025-11-29",0.73254,{"date":213,"score":94,"percentile":145},"2025-11-30",{"date":215,"score":94,"percentile":216},"2025-12-01",0.73381,{"date":218,"score":94,"percentile":219},"2025-12-02",0.7339,{"date":221,"score":94,"percentile":222},"2025-12-03",0.73389,{"date":224,"score":94,"percentile":198},"2025-12-04",{"date":226,"score":94,"percentile":227},"2025-12-05",0.73269,{"date":229,"score":94,"percentile":230},"2025-12-06",0.7327,{"date":232,"score":94,"percentile":177},"2025-12-07",{"date":234,"score":94,"percentile":235},"2025-12-08",0.73277,{"date":237,"score":94,"percentile":238},"2025-12-09",0.73302,{"date":240,"score":94,"percentile":241},"2025-12-10",0.73335,{"date":243,"score":94,"percentile":244},"2025-12-11",0.73353,{"date":246,"score":94,"percentile":247},"2025-12-12",0.73377,{"date":249,"score":94,"percentile":216},"2025-12-13",{"date":251,"score":94,"percentile":216},"2025-12-14",{"date":253,"score":94,"percentile":254},"2025-12-15",0.73384,{"date":256,"score":94,"percentile":257},"2025-12-16",0.73393,{"date":259,"score":94,"percentile":260},"2025-12-17",0.73404,{"date":262,"score":263,"percentile":264},"2025-12-18",0.0082,0.73796,{"date":266,"score":263,"percentile":267},"2025-12-19",0.73812,{"date":269,"score":263,"percentile":270},"2025-12-20",0.73811,{"date":272,"score":263,"percentile":273},"2025-12-21",0.73803,{"date":275,"score":263,"percentile":273},"2025-12-22",{"date":277,"score":263,"percentile":278},"2025-12-23",0.73792,{"date":280,"score":94,"percentile":281},"2025-12-24",0.73436,{"date":283,"score":94,"percentile":284},"2025-12-25",0.73464,{"date":286,"score":94,"percentile":287},"2025-12-26",0.73462,{"date":289,"score":94,"percentile":290},"2025-12-27",0.73477,{"date":292,"score":94,"percentile":293},"2025-12-28",0.73437,{"date":295,"score":94,"percentile":296},"2025-12-29",0.73433,{"date":298,"score":94,"percentile":299},"2025-12-30",0.73447,{"date":301,"score":94,"percentile":302},"2025-12-31",0.73476,{"date":304,"score":94,"percentile":305},"2026-01-01",0.73626,{"date":307,"score":94,"percentile":308},"2026-01-02",0.73627,{"date":310,"score":94,"percentile":305},"2026-01-03",{"date":312,"score":94,"percentile":313},"2026-01-04",0.7349,{"date":315,"score":94,"percentile":316},"2026-01-05",0.73482,{"date":318,"score":94,"percentile":319},"2026-01-06",0.73494,{"date":321,"score":94,"percentile":322},"2026-01-07",0.73502,{"date":324,"score":94,"percentile":325},"2026-01-08",0.73512,{"date":327,"score":94,"percentile":328},"2026-01-09",0.73518,{"date":330,"score":94,"percentile":331},"2026-01-10",0.73513,{"date":333,"score":94,"percentile":334},"2026-01-11",0.73505,{"date":336,"score":94,"percentile":319},"2026-01-12",{"date":338,"score":94,"percentile":339},"2026-01-13",0.73491,{"date":341,"score":94,"percentile":342},"2026-01-14",0.73515,{"date":344,"score":94,"percentile":345},"2026-01-15",0.73525,{"date":347,"score":94,"percentile":348},"2026-01-16",0.73543,{"date":350,"score":94,"percentile":351},"2026-01-17",0.7354,{"date":353,"score":94,"percentile":342},"2026-01-18",{"date":355,"score":94,"percentile":322},"2026-01-19",{"date":357,"score":94,"percentile":358},"2026-01-20",0.73504,{"date":360,"score":94,"percentile":361},"2026-01-21",0.73508,{"date":363,"score":94,"percentile":364},"2026-01-22",0.73514,{"date":366,"score":94,"percentile":367},"2026-01-23",0.73544,{"date":369,"score":94,"percentile":370},"2026-01-24",0.73552,{"date":372,"score":94,"percentile":373},"2026-01-25",0.73535,{"date":375,"score":94,"percentile":376},"2026-01-26",0.73532,{"date":378,"score":94,"percentile":379},"2026-01-27",0.73537,{"date":381,"score":94,"percentile":382},"2026-01-28",0.73553,{"date":384,"score":94,"percentile":382},"2026-01-29",{"date":386,"score":94,"percentile":387},"2026-01-30",0.73559,{"date":389,"score":94,"percentile":390},"2026-01-31",0.73564,{"date":392,"score":94,"percentile":393},"2026-02-01",0.7369,[395],{"source":98,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":396,"cvss_v4_0":9},{"baseScore":96,"baseSeverity":397,"vectorString":99,"impactScore":96,"exploitabilityScore":398},"CRITICAL",10,[400,412,420],{"ecosystem":9,"name":401,"vendor":402,"product":401,"cpe_part":403,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":404},"cmd/go","go toolchain","a",[405],{"version":406,"is_range":407,"range_type":104,"version_start":408,"version_start_type":409,"version_end":410,"version_end_type":411,"fixed_in":9},">= 1.21.0-0, \u003C 1.21.1",true,"1.21.0-0","including","1.21.1","excluding",{"ecosystem":9,"name":413,"vendor":414,"product":413,"cpe_part":403,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":415},"go","golang",[416],{"version":417,"is_range":407,"range_type":418,"version_start":419,"version_start_type":409,"version_end":410,"version_end_type":411,"fixed_in":9},"gte1.21.0_lt1.21.1","cpe","1.21.0",{"ecosystem":421,"name":422,"vendor":421,"product":422,"cpe_part":9,"purl_type":414,"purl_namespace":9,"purl_name":422,"source":9,"versions":423},"Go","toolchain",[424],{"version":425,"is_range":407,"range_type":426,"version_start":408,"version_start_type":409,"version_end":410,"version_end_type":411,"fixed_in":9},"gte1_21_0_0_lt1_21_1","semver"]