Google.Golang.Get.Remote.Command.Execution
Description
This indicates an attack attempt to exploit a Remote Code Execution vulnerability in Google's Golang.
The vulnerability is due to an error in the vulnerable application when handling a maliciously crafted Go package. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application by enticing the user to execute a "go get -u" command to important a malicious Go package.
Affected Products
Google Golang 1.10.x prior to 1.10.6
Google Golang 1.11.x prior to 1.11.3
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Refer to the vendor's advisory for updates:
https://github.com/golang/go/issues/29230
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-06-06 | 14.627 | Severity:medium:high |
2019-03-01 | 14.564 | Default_action:pass:drop |
2019-01-08 | 13.519 |