Cyber Resilience

CVE-2021-3115

High

Published: 26 January 2021

Modified: 21 November 2024
KEV Added
Patch
CVSS Score (v3.1): 7.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0014 (33.4th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-3115 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Golang Go. Its CVSS base score is 7.5 (High).

Operationally, it ranks at the 33.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

golang / go: ≤ 1.14.14 · 1.15 — 1.15.7
fedoraproject / fedora: 33
netapp / cloud insights telegraf agent: all versions
netapp / storagegrid: all versions

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.