CVE-2023-45285

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 6, 2023

Updated: Jan 20, 2024

Summary

CVE-2023-45285 is a vulnerability affecting the Go programming language's "go get" tool. When attempting to fetch a module with a ".git" suffix, the tool may unexpectedly revert to the insecure "git://" protocol if the module is not available via the secure "https://" and "git+ssh://" protocols. This issue only impacts users who have not enabled a module proxy and are directly fetching modules (GOPROXY=off).

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Golang Go

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/s6QUFn
https://www.cve.org/CVERecord?id=CVE-2023-45285
https://nvd.nist.gov/vuln/detail/CVE-2023-45285

Back to Vulnerability Database

CVE-2023-45285

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations