MGASA-2018-0238

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2018-7187

Published: 16 May 2018, 08:24

Last modified:16 Apr 2026, 06:25

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

16 May 2018, 08:24

Published

Vulnerability first disclosed

16 Apr 2026, 06:25

Last Modified

Vulnerability information updated

Description

Updated golang packages fix security vulnerability A flaw was found in Go Lang. The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site (CVE-2018-7187)

Affected Systems

mageia•golang
< 1.9.4-4.mga6

References (3)

https://advisories.mageia.org/MGASA-2018-0238.html
https://bugs.mageia.org/show_bug.cgi?id=22812
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BZKVEAK5ZG3B4FJLZVMX3HIQ73RHC4VW/