go1.15 (SUSE:Linux Enterprise Module for Development Tools 15 SP1) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Development Tools 15 SP1 package go1.15, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2020-28366 — CVSS 7.5 (high): Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious…
CVE-2020-28367 — CVSS 7.5 (high): Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc…
CVE-2020-24553 — CVSS 6.1 (medium): Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.