CVE-2021-3115
High
Published: 26 January 2021
Modified: 21 November 2024
KEV Added: —
Patch: —
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0014 (33.4th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2021-3115 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Golang Go. Its CVSS base score is 7.5 (High).
Operationally, it ranks at the 33.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-26467
Vulnerability details
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).
- CWE(s): CWE-427 (Uncontrolled Search Path Element)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- golang go: ≤ 1.14.14 · 1.15 — 1.15.7
- fedoraproject fedora: 33
- netapp cloud insights telegraf agent: all versions
- netapp storagegrid: all versions
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.