Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset.
Improper Control of Generation of Code ('Code Injection')
Improper Control of Generation of Code ('Code Injection')
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in