Go Standard Library Os Exec vulnerabilities
3 known vulnerabilities affecting go_standard_library/os_exec.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2025-47906 | MEDIUM | CVSS 6.5 | fixed in 1.23.12 | ≥ 1.24.0, < 1.24.6 | 2025-09-18
If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and "..") can result in the binaries listed in the PATH being unexpectedly returned.
cvelistv5, nvd
CVE-2022-41716 | HIGH | CVSS 7.5 | fixed in 1.18.8 | ≥ 1.19.0-0, < 1.19.3 | 2022-11-02
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For exam
cvelistv5, nvd
CVE-2022-30580 | HIGH | CWE-94 | CVSS 7.8 | fixed in 1.17.11 | ≥ 1.18.0-0, < 1.18.3 | 2022-08-10
Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset.
cvelistv5, nvd